Greater reliability. Improved performance. Faster resource provisioning. Running Linux on the mainframe may be your best bet for consolidating servers and lowering costs. Yet not every application will benefit — and knowing the difference is a crucial measure of success. See what experienced users recommend. PAGE 23
Microsoft Adds a Year to NT Server 4.0 Support


Users feeling upgrade pressure get a reprieve, but extension doesn’t cover all support options

BY CAROL SLIWA
Microsoft Corp.’s confirmation last week that it will extend key support provisions for Windows NT Server 4.0 through 2004 provided a reprieve for companies feeling pressure to move off the aging operating system.

Many corporate users that are still running Windows NT Server 4.0 said the end of support was the primary reason for their decisions to either migrate off the operating system or plot their upgrade options. Microsoft had announced in October that the extended support phase for NT Server 4.0 would cease at the end of 2003.

“This gives me more breathing room. Like all IS organizations, we're just massively resource-constrained,” said Randy Truax, manager of technical services at Metropolitan Health Corp. in Grand Rapids, Mich.

Metropolitan has 54 Windows NT 4.0 servers running health care, financial and supply chain applications, as well as SQL Server and various utility tools. Plans call for the IT department to determine the fate of those servers by the time the organization’s new fiscal year starts July 1.

Truax said he’s now more inclined to take a closer look at Windows Server 2003,
NT Server 4.0, page 49


Unprepared Firms Slammed

Worm took advantage of IT shops’ failure to use available patches

BY JAIKUMAR VIJAYAN
The widespread disruptions caused by last week’s SQL Slammer worm demonstrated yet again the importance of proactive vulnerability patch management, users and analysts said.

Slammer, a self-propagating worm also dubbed Sapphire and SQL Hell, surfaced Jan. 25. The worm infected computers by means of a known flaw in Microsoft Corp.’s frequently patched SQL Server database software. Slammer works by copying itself onto vulnerable computers and then using those systems to scan for and infect other machines running SQL Server.

As was the case with predecessor worms like Nimda and Code Red, Slammer could have been thwarted if users had applied a patch that Microsoft issued more than six months ago.

The administrators of affected servers “most certainly
Slammer, page 14


Cheap Cartridge Option in Peril

Lexmark’s legal action could dry up printer cartridge aftermarket

BY PATRICK THIBODEAU
WASHINGTON
The remanufactured toner cartridge industry, which provides low-cost printer cartridges for many corporations, is under a legal and technological assault that could deprive IT managers of a money-saving option.

The major printer manufacturers are making changes to cartridge designs and the computer chips that mate a cartridge with a printer, thereby making it increasingly difficult for remanufacturers to refill the cartridges. It can take remanufacturers more than a year of engineering work to
Cartridges, page 16
Inside Trustworthy Computing

In the Technology section: How is Microsoft doing with its Trustworthy Computing initiative? Craig Mundie, the company’s senior vice president and chief technical officer of advanced strategies and policy, gives Computerworld an update. Page 28
AT DEADLINE


Vendors Promise Mobile Java Spec

A group of vendors led by Sun Microsystems Inc. detailed a road map for creating a unified specification that companies could use to develop wireless Java applications. The group, which includes more than a dozen makers of mobile devices, said the specification should be finished by midyear. Compliant devices are expected to be available starting in the fall.


IBM Plots App Server Upgrade

IBM announced that it’s developing an upgrade of its WebSphere application server software that will include new capabilities for managing business-process workflows. The upgrade is due by midyear and will include new Web services functionality that Sun is building into the next version of its Java 2 Enterprise Edition technology, said Scott Hebner, the director of WebSphere marketing at IBM.


AMD Revamps 64-bit Chip Plans

Advanced Micro Devices Inc. said it plans to launch its 64-bit Opteron microprocessor for servers and workstations in April. But the Sunnyvale, Calif.-based company added that its Athlon 64 chip for desktop PCs has been delayed for a second time. The Athlon 64, which also is a 64-bit device, is now due for release in September, AMD said.


Short Takes

SUN said it will announce its plans to expand the level of Web services support in Java this week but wouldn’t disclose any details. ... THE INSTITUTE FOR INFORMATION INFRASTRUCTURE PROTECTION, a group of 23 colleges and research laboratories, released a report calling for the U.S. government and private-sector companies to increase spending on cybersecurity research.


SEC Examines i2’s Books as Vendor Reports Another Loss

Firm plans to reaudit 2000, 2001 results

BY MARC L. SONGINI
SUPPLY CHAIN software vendor i2 Technologies Inc. last week reported its fifth straight quarterly loss and confirmed that the U.S. Securities and Exchange Commission is now probing its finances.

The Dallas-based company said the SEC has opened an informal inquiry into its financial reporting for 2000 and 2001. The SEC’s decision came after i2 told the agency about two former i2 executives’ allegations of accounting irregularities.

I2 last week also announced that its board has asked auditor Deloitte & Touche LLP to reaudit the numbers that the company reported for 2000 and 2001. The company noted that the new audit could impact its fourth-quarter 2002 results, which it described as preliminary.

“It would be very discouraging and disruptive to see i2 lose focus,” said Richard Scheerer, vice president of IT at The Clarks Companies, North America. Clarks, a shoemaker in Newton Upper Falls, Mass., has implemented several of i2’s order management and supply chain planning applications.

Scheerer said i2 hasn't let him down so far. But he added that he’s always concerned about the viability of his software vendors, and he emphasized the need for i2 to continue upgrading its product line.

On the other hand, Gene Hunt, chairman of the Atlanta-based i2 User Group’s board of directors, applauded the firm’s reaudit plans. “We think this indicates a sense of openness and confidence about the business,” Hunt said in a letter to i2’s management.

Hunt, who is a member of the technical staff at Texas Instruments Inc. in Plano, Texas, added in the letter that i2’s employees “are demonstrating a desire to maintain and improve customer satisfaction.”

“While this could defocus i2, it should have little effect on the user base,” said Gartner Inc. analyst Karen Peterson. She added that the reaudit and SEC disclosures “masked the fact that i2 actually did better than expected last quarter.”

I2 CEO Sanjiv Sidhu downplayed the chances that the company’s financial picture would be radically changed by the new audit. Referring to the preliminary fourth-quarter results, Sidhu said i2’s management has “basic comfort in their stability.”

I2 announced a fourth-quarter loss of $12.4 million, which included a $23 million restructuring charge to cover the cost of additional layoffs. Revenue totaled $119.9 million, down from $193.9 million reported for the fourth quarter of 2001.

It would be surprising if i2 users didn’t have any concerns about the current situation, said Andrew Ball, a London-based analyst at Frost & Sullivan Inc. Ball added that the problems at i2 stem from the company’s behavior during the boom years of IT industry growth. “I2 flew too close to the sun during the good times and is now, like Icarus, paying the consequences,” he said.

THE VIEW FROM i2
CEO Sanjiv Sidhu talks about i2’s problems and efforts to turn it around:
QuickLink 35956
www.computerworld.com


IBM Targets Corporate Users With Grid Computing

BY JAIKUMAR VIJAYAN
IBM last week announced an initiative to expand its grid computing offerings from its traditional niche in academia and research to commercial enterprises.

Under the plan, IBM will deliver 10 separate grid computing bundles optimized for companies in five vertical industries.

For financial services users, IBM is offering a trading analytics acceleration grid and an IT optimization grid to help exploit underutilized computing and storage resources.

Similarly, for users in the life sciences space, IBM will offer grid technologies that can dramatically increase the number of calculations processed during drug research. And an engineering design grid is aimed at improving resource utilization for automotive companies.

The goal is to let new users take advantage of the same collaborative computing functionality that grid computing has delivered to others for several years, said Tom Hawk, general manager of IBM’s grid computing business.

“What we have done is to take preconfigured IBM software, middleware, hardware and integration functionality and box it up” for use in various industries, Hawk said.

Lower Cost of Entry
Butterfly.net Inc., a provider of multiplayer online PC, console and mobile games, has based its network on IBM grid computing technologies.

Butterfly is using the open-source Globus Toolkit, together with a grid-enabled version of IBM’s WebSphere application server and some in-house software, to link more than 500 IBM blade servers across multiple cities.

The company first considered using large servers and clustering technologies. But the grid approach allows for better resource utilization and more flexibility in allocating resources to applications as they are needed, said David Levine, CEO and founder of the Martinsburg, W.Va., firm.

“The cost of entry is also a lot lower because you can start with commodity systems,” Levine said. “I can see where an approach like this might make sense” in the markets that IBM is now targeting.

As part of the initiative, IBM last week announced that it will work with two grid middleware vendors — Platform Computing Inc. in Markham, Ontario, and DataSynapse Inc. in New York — to deploy grids in enterprises.
H-1B Visa Count Down, Anger Up


Jobless protesting program despite a decrease in the number of H-1Bs issued

BY PATRICK THIBODEAU
WASHINGTON
In a year when the U.S. began what has been characterized as a jobless recovery, immigration authorities issued 79,100 H-1B visas, a sharp decline from previous years. But that’s cold comfort for displaced workers.

The number of H-1B visas issued in the fiscal year that ended Sept. 30 was well under the 195,000 cap set by Congress, and less than half the 163,600 issued by the U.S. Immigration and Naturalization Service in fiscal 2001.

Supporters of the H-1B program say the decline indicates that the program is working, is self-regulating and isn’t being abused by employers. H-1B visas are used to bring skilled workers, many of them IT professionals, into the U.S. They are good for up to six years.

But opponents, who are increasingly coalescing into grass-roots organizations, say the H-1B numbers tell only part of the story. They contend that employers are still bringing in large numbers of foreign workers, but they’re doing so under programs such as the L-1 visa, which is used for employees who are transferred by multinational firms to work in the U.S.

Much attention, however, will be focused on the H-1B cap, which will remain at 195,000 this year but is set to decline in fiscal 2004 to 65,000.

Harris Miller, president of the Information Technology Association of America in Arlington, Va., said he doesn’t know whether his industry group will fight the decrease to 65,000. “It will be hard to convince Congress” of the need for a higher cap “if you have no recovery or a jobless recovery,” he said.

Among the grass-roots opposition organizers is Peter Bennett, a Danville, Calif., resident who operates a Web site called NoMoreHlb.com. According to Bennett, many displaced workers are ready to act if Congress moves to increase the cap. “It will trigger an onslaught of calls” to lawmakers, he said.

5.1% Unemployment Rate
One organization that has been critical of the H-1B program is the IEEE-USA, a unit of the Institute of Electrical and Electronics Engineers Inc.

According to the Bureau of Labor Statistics, there are 94,000 unemployed computer scientists in the U.S. That’s an unemployment rate of 5.1% in that field, said George F. McClure, who chairs the IEEE’s Career and Workforce Policy Committee. H-1B visa holders “are all competing for the same small pot of jobs, and we don’t think that is a good thing,” he said.

Eight weeks ago, some unemployed IT workers in Connecticut formed The Organization for the Rights of American Workers. It started as an informal networking effort, but an organizational meeting required a hall to accommodate 65 attendees. The group now has 200 members.

“We have members that are about to lose their homes,” said John Bauman, vice president of the Meriden-based organization. “We have to make the public aware of what's going on.”

Nate Viall, a Des Moines, Iowa-based recruiter who specializes in finding candidates for IBM iSeries application development, said that although there’s no shortage of qualified U.S. workers to fill those jobs, he has seen U.S. workers lose out to H-1B visa holders. “It’s always about the money,” said Viall.

Beyond the Cap

                                   Fiscal 2001   2000
Visa cap                           195,000       195,000
Visas issued                       79,100        163,000
Visas issued in exempt category*   215,000       342,000

* Exempt category includes organizations such as schools and nonprofit research groups.


Analysts Say Doubts About ROI Are Slowing Corporate Handheld Rollouts

Mobile device sales drop off, although some users are reporting fast paybacks

BY BOB BREWIN
Vendors of handheld devices had “dismal” sales last year, with worldwide product shipments dropping 9.1% from their 2001 level, according to a report released last week by Dataquest Inc.

That finding dovetails with a report on the handheld market released in December by Framingham, Mass.-based IDC, which estimated that sales of the devices in 2002 would be down 2.1% on a year-over-year basis. Dataquest and IDC analysts both said that slower rates of adoption by corporate users are hurting the once-hot handheld market.

Todd Kurt, an analyst at San Jose-based Dataquest, estimated that more than 70% of the handhelds sold last year were bought by consumers. The corporate market stagnated due to the weak economy and a perception among users that handhelds “are not yet capable of delivering sufficient return on investment,” he said.

Making the Effort
However, some experienced users disputed Kurt’s take on ROI and said that if implemented the right way, mobile devices can have a quick and continuing payoff in corporate settings. But doing it right can take some work, they added.

Andy Johnson, general manager of AEX LLC, a Phoenix-based financial courier service that operates in 100 cities in seven Southwestern states, faulted handheld vendors and their software partners for not developing applications that can be easily adopted by various vertical industries.

AEX has equipped 54 of its couriers with ruggedized handheld devices made by Symbol Technologies Inc. in Holtsville, N.Y., as well as in-truck Global Positioning System receivers and mobile applications developed by At Road Inc. in Fremont, Calif.

Johnson said AEX has gotten a significant return in terms of increased productivity from the technology. But he added that although At Road provided AEX with a template, the software needed to be modified to meet its needs.

Tom Allen, At Road’s chief operating officer, said some IT managers are reluctant to embrace mobile devices because of the cost and complexity of hooking them into corporate systems. Moreover, many users are simply confused by all the rival devices and operating systems on the market, he said.

Rob McClellan, director of supply chain management and e-services at Taylor Made Golf Co. in Carlsbad, Calif., said he’s in the process of deploying Symbol handhelds to an 85-person sales force. The goal of the rollout is to increase productivity and improve inventory management at the maker of golfing equipment and apparel.

McClellan said salespeople who already have the handhelds use their bar-coding capabilities to track inventories at golf pro shops and equipment stores. Automating that process alone saves an hour per worker each day, he said. And since the sales force can now transmit inventory data electronically instead of faxing it, McClellan said he is receiving information that he needs to forecast buying trends on a more timely basis.
HP, Delphi Expand SAP Services Deal


Hewlett-Packard Co. said it has expanded a technology and IT services deal under which it runs SAP AG's business applications for Delphi Corp., a Troy, Mich.-based supplier of automotive parts. Under a new five-year agreement, SAP systems for Delphi's operations in North America and Singapore will be consolidated on HP servers and managed from the vendor's Toronto data center.


Alcan Outsources Operations to CGI

Alcan Inc., a Montreal-based maker of aluminum and packaging materials, said it has finalized a 10-year IT outsourcing deal valued at about $110 million (U.S.) with CGI Group Inc. CGI, also in Montreal, will take over management of Alcan’s help desk operations, data centers and messaging systems. The two companies had announced a tentative agreement last July.


IBM, British Airline Agree on Pact

IBM and Luton, England-based Britannia Airways Ltd. said they're developing a system that will use IBM’s ThinkPad X24 notebook PCs and a wireless network to electronically store flight manuals and safety information in airplane cockpits. The data will be updated via the wireless link. The deal is worth about $1.6 million, IBM said.


Short Takes

European Union officials said MICROSOFT CORP. has agreed to make “substantial changes” to its .Net Passport identity management software in order to conform to European data privacy laws. . . . SAP dropped the dot-com reference from its applications product line, which is now called mySAP Business Suite.


NEWS

MARK HALL • ON THE MARK

IT Users Botch Security Again ...

...and again. The Slammer worm being the latest in a long history of utterly incompetent computer security procedures by IT systems managers. Blame software developers, if it makes you feel better. But IT buyers are the major problem. Security vendors would despair at the consistent foolishness of users if they didn’t make so much money from fixing the problems — usually after the fact. “IT buyers have tremendous control over the quality of security in the products they buy, but they don’t use it,” argues Jerry Brady, chief technology officer at Guardent Inc. in Waltham, Mass. Instead, he says, all users ask of software vendors is that the products be quick to market, compatible with the old stuff and cheap. Well, you get what you pay for. Brady’s company offers consultation and managed security services to companies that, by and large, have already been burned by a costly security breach. He says packaged software is bad, but in-house developers “are no better or smarter than those at Microsoft or Sun.” He claims that little has been learned by programmers over the years. To wit: “I find the same three programming errors in applications today that cause 90% of the security problems that I found 10 years ago.” For those who need a refresher course, they are: 1) buffer overflows, 2) format string errors, and 3) user input validation failures.

Robert Handler, an analyst at Meta Group, thinks there has been a “collective consciousness change since 9/11” on designing security into systems from the get-go. But he doesn’t see a “holistic way” for enterprise IT architects to accomplish it today. Jan Popkin, CEO of New York-based Popkin Software & Systems Inc., a company that has been selling IT system architectural tools since 1986, agrees that 9/11 was a turning point. The company bolstered the security features in its recently released System Architect V9 and will do even more in the next version slated for later this year. In addition to more tightly integrating security processes into the next upgrade, Popkin will add support for the new Department of Defense Architectural Framework and integrate a wider array of XML-based business process modeling languages.

Since you can’t rearchitect your legacy environment, you might consider exerting a little more control over it by adding security tools such as STAT Neutralizer from Harris Corp. in Melbourne, Fla. The 2.0 version of STAT Neutralizer ships later this month with support for Windows XP Service Pack 1 and Windows 2000 Service Pack 3, as well as support for HTTP, e-mail clients, instant messaging applications and other services. The software doesn’t detect intrusions by viruses or worms. Rather, it loads with the OS kernel and, through specific rules that come standard or are added by system administrators, prevents disallowed behavior by applications. According to Richard Ealiari, director of product strategy at Harris, security problems like the Slammer worm occur because sysadmins never get around to loading existing patches because they have to manage the downtime problem. Plus, most system managers don’t want to add patches willy-nilly to their computers without first testing them with existing applications. STAT Neutralizer can “give users peace of mind” until the patches are tested and installed, Ealiari says.

More than peace of mind is what you'll get starting today from Gilian Technologies Inc. The Redwood City, Calif.-based company will offer a minimum $25,000 money-back guarantee for Web applications and content that are protected by its G-Server security appliance.

Apple’s penchant for secrecy mitigated by its love of self-promotion merges messily with its Web site housing the “public beta” of the rather old-fashioned X11 Windows System, the Unix world’s graphical user interface. It will run on the Mac along with the graphically rich OS X (http://developer.apple.com/qa/qa200i/qal232.html), making the project sort of a technological oxymoron. Appropriately, like the future of X11 on the Mac, most of the links on the page go nowhere.


Cisco Launches Network Quality-of-Service Tools

BY MATT HAMBLEN
Cisco Systems Inc. last week introduced automated quality-of-service functions for nine of its switches and routers, a move aimed at helping users create converged networks that include voice-over-IP (VOIP) capabilities.

Currently, setting up IP networks with VOIP support often requires IT managers to do complex manual tuning of each router in a LAN or a WAN, said Zeus Kerravala, an analyst at The Yankee Group in Boston. The settings are designed to look at IP packets and zip them on their way if they are deemed high priorities, such as voice or video traffic. Because the process is so complex, only 9% of companies even turn on quality-of-service functions, Kerravala said. The result, he added, is that some functions, such as VOIP, might not be adopted as widely as they could be.

Cisco claimed that its AutoQoS technology can help companies speed up IP network deployments and reduce installation costs by as much as two-thirds. AutoQoS is free to users with licenses and maintenance agreements for Cisco’s internetworking software.

Glenn Whalley, head of IP network engineering at BTexact Technologies in Adastral Park, England, is using AutoQoS to set up routers that support virtual private network services offered by the BT Group PLC unit. “[Quality of service] is complex to implement, and anything automating that is a good thing,” he said.

Nortel Networks Ltd. provides technology similar to AutoQoS but hasn’t widely publicized its availability, according to Kerravala. Ralph Santitoro, director of network architecture at Nortel, said his company has offered default quality-of-service settings since 1999 on its Passport 8600 Layer 3 core router, several other routers, a VOIP gateway and IP phones.
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M, Hitachi ‘Try to Counter 
EMC's Symmetrix Up 


Storage vendors jockey for technology 
leadership in high-end disk arrays 


BY LUCAS MEARIAN 
MC CoRP’s planned 
announcement today 
of a new line of its 
high-end Symmetrix 
disk arrays is shaking up the 
storage industry, with com- 
petitors such as IBM 
and Hitachi Data Sys- 
tems Corp. scram- 
bling to steal EMC’s 
thunder with technology up- 
grades of their own. 

Details about EMC’s plans 
began to emerge in January 
[QuickLink 35699]. Industry 
sources last week said the 


company is expected to roll 


| out an all-new architecture 

| boasting 128 direct, dedicated 

| paths between the channel di- 
| rectors and internal caches in 


the Symmetrix arrays. That 
will increase system band- 
width from 1.6GB/sec. 
now to 64GB/sec., four 
times that of Sym- 
metrix’s closest com- 


| petitor, Hitachi’s Lightning 


9900V array, the sources said. 
Santa Clara, Calif.-based - 


| Hitachi last week tried to 


preempt EMC’s move by an- 


| nouncing that it has doubled 


EMC, Other Vendors Team 
On E-mail Archiving System 


Designed to help 
financial firms meet 
storage regulations 


BY LUCAS MEARIAN 
EMC Corp. last week said it’s 
teaming with Iron Mountain 
Inc. and a vendor of content- 
archiving software to offer 
technology and services aimed 
at financial services firms that 
are under pressure to comply 
with federal mandates to re- 
tain e-mail messages. 

The joint offering is built 
around EMC’s Centera disk 
arrays, which are designed to 
store fixed data, and Enter- 
prise Vault for Microsoft Ex- 
change, a message archiving 
application developed by KVS 
Inc. in Arlington, Texas. 

Boston-based Iron Moun- 
tain, which manages physical 
and digital records for corpo- 
rate users, will provide storage 
services and can host the Cen- 
tera arrays for banks and bro- 
kerages that don’t want to in- 
stall the devices in-house. 


; month. Large fi- 





John McKinley, chief tech- 
nology officer at Merrill Lynch 
& Co. in New York, said the 


| regulatory requirements for 


storing e-mail and being able 
to quickly retrieve messages 


| has created an environment in 


which managed archiving ser- 
vices could be useful. 
“T think cost is certainly an 


important factor,” said McKin- | 


ley, who plans to leave Merrill 
Lynch at the end of this 

nancial services 
firms might be 
able to afford to 


STORAGE DOWNLOAD 


For more coverage of data 


the storage capacity of the 
Lightning 9900V to 126TB in 
| a RAID-5 configuration by 
adding new 146GB drives. 

In addition, IBM today is 


| expected to unveil a Bluefin- 


| compliant storage manage- 
ment interface for its Enter- 
prise Storage Server Model 
800, known informally as 
Shark. Bluefin, a draft specifi- 
cation that the Storage Net- 
working Industry Association 
hopes to finalize by the third 
quarter, is aimed at making it 
easier to manage multivendor 
storage-area networks. 

IBM also plans to announce new disk drives that operate 50% faster than the current devices used in the Shark arrays, as well as expanded data-copying and disaster recovery features for mainframes that run Linux.

“Both [IBM and Hitachi] are clearly paying a lot of attention to EMC’s announcement. They have no choice,” said Tony Prigmore, an analyst at Enterprise Storage Group in Milford, Mass. “IBM’s protecting its mainframe position, and Hitachi is protecting its capacity lead.”

EMC is expected to announce three new Symmetrix models, increasing the product line’s top capacity from 70TB to more than 100TB.

“They [EMC] really believe the architecture they have puts them at a tremendous performance advantage,” Prigmore said. “That means when I get an unexpected workload, now I can manage through it without compromising the performance of any given application.”

Toni Sacconaghi, an analyst at Sanford C. Bernstein & Co. in New York, said in a research note that EMC’s ability to boost Symmetrix sales and regain lost high-end market share depends “in part on how it chooses to price its software and how competitors such as [Hitachi] respond in hardware pricing.”

Sacconaghi said he doesn’t expect a full refresh of the Lightning product line until next year. But Hitachi will likely announce several capacity and bandwidth upgrades this year, he added.

Likewise, Brian Truskowski, general manager of storage software at IBM, said the planned addition of a Bluefin-based programming interface “is only the beginning of what will be a series of product announcements ... around the issue of interoperability.”

KEY DETAILS

Rival Rollouts

EMC will announce three new ... more than 100TB and internal bandwidth to 64GB/sec.

IBM plans to add faster disk drives, a Bluefin-compatible management interface and expanded Linux storage features to its Shark arrays.

HITACHI is doubling the capacity of its Lightning 9900V arrays to 126TB in RAID-5 configurations and boosting the number of I/O connections that the devices support.


nally, McKinley said. “But there are a lot of organizations where putting the type of infrastructure in place to address all the compliance requirements may not make sense,” he added.

The vendors declined to disclose pricing for the combined offering. However, a 5TB Centera array has a list price of $205,000, KVS’s software costs about $250,000 for a 10,000-mailbox license, and Iron Mountain charges $30,000 to $40,000 for basic auditing and storage services over an initial 18-month period.

Using a Web portal, Iron Mountain will also be able to access e-mail traffic and other regulated data for the government if a company is audited or a disaster occurs, said Roy Sanford, vice president of content-addressed storage at Hopkinton, Mass.-based EMC.

The idea of hosted storage isn’t unusual, and most of the top storage-management software vendors offer e-mail archiving and search tools. But Peter Gerr, an analyst at Enterprise Storage Group in Milford, Mass., said the bundled technology and services being offered by EMC, Iron Mountain and KVS are unique.

Their package may not necessarily be less expensive than piecing together an e-mail archiving system would be, Gerr said. But, he noted, “there’s a lot of value in the fact that it’s an integrated and pretested solution.”

The KVS software also offers greater granularity than storage management applications do, in its ability to search out specific e-mails, Gerr said. “That’s the nature of these SEC inquiries: ‘Give us every piece of correspondence over the past year with these seven terms,’ ” he noted.

Archiving Allies

The three vendors will provide the following e-mail retention capabilities:

EMC’S CENTERA array will store messages on ATA disk drives, giving each item a unique 27-character identifier to guarantee the data’s authenticity.

KVS’S SOFTWARE will handle mailbox management, regulatory compliance and complex content-search functions.

IRON MOUNTAIN will manage long-term archiving and indexing of messages at customer sites or in its own data centers.


Correction 

Our story about Foote Partners’ 
predictions on outsourcing 
trends on page 12 of last week's 
issue characterized the data as 
part of a “new report.” In fact, the 
research is still ongoing, and the 
data was only preliminary. 
Homeland Security Dept. Faces Leadership Void

Private-sector IT waits to see who, what emerges

BY DAN VERTON 
IN ONE OF his first moves as secretary of Homeland Security, Tom Ridge last week appointed former J.P. Morgan Chase Bank executive Alfonso Martinez-Fonts Jr. to serve as special assistant to the secretary for the private sector.

But much work remains to 
fill key leadership positions at 
the newly formed U.S. Depart- 
ment of Homeland Security 
and avoid losing the momen- 
tum in the public/private part- 
nership on cybersecurity and 
critical-infrastructure protec- 
tion, Bush administration and 
private-sector officials said. 

Changing of the ...

Who’s Out?

RICHARD CLARKE, chairman of the President’s Critical Infrastructure Protection Board

JOHN TRITAK, director of the Critical Infrastructure Assurance Office (CIAO)

RON DICK, director of the FBI's National Infrastructure Protection Center (NIPC)

JAMES CLAPPER, no longer in the running to take over the Department of Homeland Security's Information Assurance Division

Who's In?

ALFONSO MARTINEZ-FONTS JR., special assistant to the secretary for the private sector

HOWARD SCHMIDT, likely successor to Richard Clarke

NANCY WONG, acting director of the CIAO

ADM. JAMES PLEHAL, acting director of the NIPC

“I worry that if the transition period drags on, we'll lose much of the gains made in establishing a trusted relationship with the leaders of critical infrastructure,” said Roger Cressey, former chief of staff of the President’s Critical Infrastructure Protection Board. “It is imperative that the new department sends a clear signal to the private sector on who the key contacts are and, most important, that they are empowered to speak on behalf of the secretary.”

The sense of urgency comes as several high-level officials — who have led the government’s efforts during the past several years to build a partnership with the private sector — have either left or plan to leave government service.

Richard Clarke, whose ca- 
reer as the nation’s first anti- 
terrorism coordinator and 
cybersecurity czar spanned 
three administrations, plans to 
retire this month, Computer- 
world has confirmed. Clarke 
was instrumental in building 
the current partnership with 
the private sector and in draft- 
ing the national strategy for 
the defense of cyberspace, 
which has been signed by the 
president and will be released 
in final form this month. 

Likewise, John Tritak, long- 
time director of the Critical 
Infrastructure Assurance Of- 
fice (CIAO) at the U.S. De- 
partment of Commerce and 
another key player in the gov- 
ernment’s private-sector out- 
reach effort, has also made a 
final decision to leave public 
service, according to sources 
close to him. 

Add two more names to that 
list. Ron Dick, director of the 
FBI’s National Infrastructure 
Protection Center (NIPC) 
since March 2001, left the 
agency in December for a 
position at El Segundo, Calif.-based Computer Sciences Corp.

And James Clapper, director of the National Imagery and Mapping Agency and a former director of the Defense Intelligence Agency, has backed away from an offer to lead the new department’s Information Assurance Division, sources close to the deliberations confirmed.

IT professionals’ reactions 
to the changes were mixed. 

John Ervin, a systems administrator at Tessy Plastics LLC in Lynchburg, Va., is more concerned about who’s in the trenches. The government needs to focus more on staffing frontline technologists to work with the private sector on stopping cyberattacks, he said.

But the departure of all of 
these “trusted interlocutors,” 
as one private-sector official 
who spoke on condition of 
anonymity characterized 
them, means that the govern- 
ment is losing a lot of “institu- 
tional memory” at a time of 
great turmoil and uncertainty. 

David Wray, a spokesman 
for the NIPC’s transition 
office at the Department of 
Homeland Security, said all 
such fears of losing momen- 
tum in reaching out to the 
private sector are unfounded. 

“We're bringing it all together under one roof, and we'll actually have resources and funding that will put us in a better position,” Wray said.





J.D. Edwards Upgrades CRM 
Tools, Adds Ties to Back Office 


BY MARC L. SONGINI 
J.D. Edwards & Co. last week 
took the next step in binding 
its back-office software with 
the customer relationship 
management (CRM) applica- 
tions that the company bought 
through its acquisition of You- 
Centric Inc. in late 2001. 
Denver-based 
J.D. Edwards an- 
nounced Version 
2.0 of its CRM suite, saying the 
upgrade includes 175 enhance- 
ments and expanded integra- 
tion with its supply chain man- 
agement and enterprise re- 
source planning applications. 
Robbie Herzig, senior mar- 
keting manager for CRM at 
J.D. Edwards, said the compa- 
ny’s main objective for the 
new release “is to continue to 
build on the visibility the cus- 
tomers are asking for from the 
front office to the back office.” 
For example, J.D. Edwards 
has connected its contact cen- 
ter application to its field ser- 
vice software, letting mobile 
customer-service workers 
look at account histories, war- 
ranty data and other informa- 
tion, Herzig said. 
There is also now a tie-in between the company’s sales force automation applications and supply chain software. That feature will give demand planners access to real-time data feeds from salespeople in addition to historical sales information, she said.

The supply chain and CRM integration appeals to Brian Capone, director of marketing at Hutton Communications Inc., a Dallas-based distributor of wireless communications products. He said Hutton’s sales force now relies on two systems — contact management software from Best Software Inc. in Reston, Va., and J.D. Edwards’ OneWorld XE applications — to check inventory and do other supply chain-related functions. But Hutton plans to replace Best’s technology with J.D. Edwards’ new CRM software within the next four months, Capone said.

CUSTOMER-CENTRIC
For more CRM resources, head to our Knowledge Center:
QuickLink 1300
www.computerworld.com
The combination of the CRM and OneWorld XE applications should give Hutton’s 50 mobile and in-house sales staffers an integrated set of software for doing things such as generating price quotes and checking product stock levels, Capone noted.

J.D. Edwards is also embed- 
ding multichannel customer- 
contact capabilities in the 
CRM upgrade and adding an 
option that lets mobile work- 
ers run sales applications 
when they’re off-line and then 
synchronize the data with 
back-office systems when they 
reconnect to their corporate 
networks, Herzig said. 

At its Focus 2002 user con- 
ference last June, J.D. Edwards 
promised increased ties be- 
tween its back-office applica- 
tions and the CRM tools de- 
veloped by Charlotte, N.C.- 
based YouCentric [QuickLink 
30542]. J.D. Edwards bought 
YouCentric 15 
months ago after 
previously re- 
selling Siebel 
Systems Inc.’s 
CRM software. 

John Moore, 
an analyst at ARC Advisory 
Group Inc. in Dedham, Mass., 
said J.D. Edwards doesn’t offer 
as full a set of CRM function- 
ality as Siebel and other ven- 
dors do. 

But for most of the midsize users that J.D. Edwards targets, the CRM software “fits perfectly,” he said.
as the world leader in creating secure networks, Cisco believes you should never have
to rely on chance alone. 


Learn how Cisco routers, switches, and security appliances can help you secure 


your network and deliver a greater return on your investments in technology. 




Cisco intelligent switches and routers offer an array of 
embedded security features, enabling you to implement 
the level of security you need today and to safely deploy 
IP telephony, wireless mobility, and other solutions in 
the future. Integrated features include: 


Identity-based network services: Using the 802.1x 
authentication protocol, the network grants privileges 
based on personal logon info, rather than the device 
being used. 


Access control lists: Users are restricted to designated 
areas of the network, blocking unauthorized access 
to all other applications and information. 


Encryption: IPSec Virtual Private Networks provide
secure tunnels across public networks, establishing 
secure connections for remote sites and mobile users. 


Virtual LANs: Traffic on the LAN can be isolated based 
on users and applications or business requirements, 
shielding data from prying eyes. 


Rate limiting: Network managers can set bandwidth 
thresholds, helping to prevent the deliberate or 
accidental flooding of the network. 


Intrusion protection: The network continually scans 
for signs of hackers, taking immediate steps to stop
them before damage is done. 


Content filtering: Users are prevented from accessing 
objectionable Web content, minimizing legal exposure 
and reducing unnecessary WAN traffic. 


SSL optimization: Exploding volumes of SSL traffic can 
be offloaded from servers, cost-effectively scaling 
application performance and reliability for network 
users, while simplifying certificate management. 


Cisco SYSTEMS 
Siebel, IBM Plan
To Link Software 


Siebel Systems Inc. and IBM 
said they plan to work together 
to integrate Siebel’s customer 
relationship management (CRM) 
software with IBM’s WebSphere 
middleware products. Siebel’s 
application server technology 
will be used to support only 
CRM-specific functions in the 
future, the companies said. 


SAP Adds Tool for
Homeland Security 
Functions . . . 


SAP AG announced an applica- 
tion that’s designed to support 
homeland security functions, 
including border management, 
emergency planning and infor- 
mation analysis. The company 
said the Security Resource Man- 
agement software uses its new 
NetWeaver application integra- 
tion technology and includes 
e-government tools. 


... And Reports Q4 
Increase in Profits 


SAP also reported its fourth- 
quarter financial results, which 
showed a 49% year-over-year 
increase in profits despite a 
small revenue dip. Net income 
totaled $510 million at current 
euro-to-dollar conversion rates, 
up from $343 million in the 
fourth quarter of 2001. Revenue 
fell 2% to $2.45 billion, but SAP 
said it expects “modest” sales 
growth this year. 


Short Takes 


SYBASE INC. in Dublin, Calif., reported a $9.8 million fourth-quarter loss as revenue fell 11% year over year to $210.6 million. ... The U.S. Supreme Court ruled that NEXTWAVE TELECOM INC. can keep 63 wireless spectrum licenses that the government tried to take back after the Greenwich, Conn.-based company sought bankruptcy protection in 1998.


Continued from page 1


Slammer 


hold some responsibility for 
their negligence,” said Mike 
Tindor, vice president of net- 
work operations at First USA 
Inc., an Internet service pro- 
vider in St. Clairsville, Ohio. 

Several of the network per- 
formance problems First USA 
suffered because of Slammer 
resulted from three unpatched 
systems that it was co-locating 
for customers. “Obviously, 
[the problems] could have
been avoided if our customers 
had performed the proper se- 
curity updates,” Tindor said. 

Yet despite the need, few 
companies have the resources 
it takes to keep current on all 
the recommended patches and 
security advisories that inun- 
date them almost daily, users 
and analysts said. 

“Systems administrators 
spend a lot of their time ad- 
dressing day-to-day problems, 
so routine things such as up- 
dates get pushed into the back- 
ground,” said Jesse Fussell, 
president of Information Secu- 
rity Systems Inc., an Edgewa- 
ter, Md.-based consultancy. 


Patch Problems 

Software patches themselves 
are often unwieldy and diffi- 
cult to apply and sometimes 
can break the systems they are 
intended to fix. 

For instance, the patch that 
Microsoft had made available 
for the hole Slammer exploit- 
ed involved in some cases a 
“brutally slow and manual 
process,” said Chip Andrews, 
owner of SQLSecurity.com, a site dedicated to securing
SQL servers.

As a result, at least “some 
administrators put off the 
patch because of the sheer 
time it would take to patch a 
production machine,” said Ben 
Koshy, technical manager at 
W3 International Media Ltd., a 
hosting company in Vancou- 
ver, British Columbia. 

Pat Hymes, vice president 
of corporate information secu- 
rity at Wachovia Corp. in 
Charlotte, N.C., said maintain- 
ing patches can be a challenge 
for any organization. 
“It can take a great deal of time and energy to download, test and implement service packs and hot fixes, especially in large organizations where they can impact hundreds of applications and thousands of servers,” Hymes said. “The total cost of ownership for servers running some of these distributed [operating systems], databases and Web software is going through the roof due to the manpower being expended to maintain patches and respond to events like the SQL Slammer worm.”

Claude Bailey, an IT secu- 
rity analyst at one of the na- 
tion’s largest financial man- 
agement firms, said the prob- 
lem lies not in detecting the 
vulnerability but in deploying 
the patches and fixes across 
an organization of 50,000 
employees and guaranteeing 
that the patch won’t cause 
more problems. 

“We tested the original patch [for the SQL vulnerability], and it had problems,” said Bailey. And now, in the middle of tax season, there’s too much to lose in deploying patches that break other parts of the network, he said. As a result, the financial firm has placed a freeze on any such maintenance until tax season is over.

The patching issue becomes 
even harder when dealing 
with patches that touch core 
systems like a database server, 
said Eric Block, information 
security officer at Dallas- 
based Mary Kay Inc. 

“Database ad- 
ministrators can 
get very nervous 
when you tell 
them that a secu- 
rity patch could 
break their serv- 
er,” said Brock. 
As a result, de- 
cisions about 
patches some- 
times can be- 
come a “risk-rewards judge- 
ment call,” he said. 


Microsoft’s Woes 

Even Microsoft itself wasn’t 
above such oversight last 
week, with several unpatched 
systems becoming infected 
by Slammer. 

“We struggle with the same 
issues as the rest of the indus- 
try,” said Rick Miller, a Micro- 
soft spokesman. “Some don’t 
patch for time management 
reasons, some out of over- 
sight. At the end of the day, it 
should have been patched.” 

Vendors have contributed to the problem by failing to provide enterprise-class patching and updating processes, said Paul Schmehl, adjunct information security officer at the University of Texas in Dallas. The university lost Internet connectivity for about 13 hours because of Slammer, according to Schmehl.

“Most vendors are still writ- 
ing software for individual 
boxes instead of thinking 
about scaling processes to 
make them usable,” he said. 

It is in response to such 
concerns that Microsoft is 
revamping its processes for 
developing and distributing 
patches, Miller said. 

For instance, the company 
has begun to make available 
easy-to-use installers for auto- 
mating much of the patching 
process, Miller said. Microsoft 
is also working on tools that 
help companies scan their 
networks and identify vulner- 
able systems more efficiently, 
he added. 

“We recognize that we need to do a much better job developing and delivering patches,” Miller said. “We are working on it.”

Computerworld’s Dan Verton contributed to this story.


MANAGE THOSE PATCHES! 


New tools help, but there's still no easy way 
to identify new patches and prioritize installs: 


QuickLink 30912 
www.computerworld.com 


Free Benchmarking Tool Could Have ... SQL Hole


Not only could companies have 
slammed the door on the Slam- 
mer worm if they had installed 
the Microsoft patch, but they 
also could have prevented it by 
using a free benchmarking tool 
developed jointly by the govern- 
ment and the private sector. 

The Consensus Minimum Security Benchmarks, also known as the Gold Standard, were made available to the public last July. Developed by five federal agencies in collaboration with the SANS Institute and the Center for Internet Security (CIS), the Gold Standard benchmark is used to test Windows 2000 Professional systems for proper configuration [QuickLink 33500].

Alan Paller, director of research at the SANS Institute in Bethesda, Md., said a National Security Agency study of the benchmark concluded that by running it on a network, a company could eliminate more than 90% of known vulnerabilities. The database-specific vulnerabilities exploited by the Slammer worm would have been among them, he said.


Pat Hymes, vice president of corporate information security at Wachovia, a CIS member company, said the Gold Standard benchmark serves as an “excellent baseline” for security testing. And because it’s available for free, Hymes added, “there's no reason not to use it.”

But awareness continues to 
be a challenge, said Clint Kreit- 
ner, president of CIS, a Hershey, 
Pa.-based nonprofit security 
standards consortium of more 
than 170 companies. 

For example, Maurice Rieffel, 
an IT security analyst at a major 
energy company in Louisiana, 
said he was aware of the bench- 
mark but hadn't realized that it 
tested for the SQL database vul- 
nerability exploited by the Slam- 
mer worm. 

- Dan Verton





Your Enterprise Monday 10:32 A.M 


Now you can know 
what, when, where 
and how data change 
has occurred. 


Tripwire® assures the integrity of your data 
and gives you the ability to effectively pinpoint 
and manage undesired change across all your 
servers and network devices. By establishing 
a baseline of data in its known good state, 
Tripwire software monitors and reports any 
changes to that baseline and enables rapid 
discovery and recovery when an undesired 
change occurs 


Maximize System Uptime
- Identify change quickly
- Enable quick restoration to a desired state
- Eliminate risk and uncertainty

Failsafe Foundation for Data Security
- Ensure the integrity of your data
- Enable detailed audit reporting
- Granular visibility and control

Lower Costs and Frustration
- Greatly reduces the time it takes to find and diagnose problems

Tripwire's data integrity assurance solutions are the only way to have 100% confidence that your systems remain uncompromised.

In the event of a change in state, you'll know exactly what, when, where and how change has occurred so you can recover quickly.


For a FREE 30-day fully-functional demo 
and copy of the white paper “Data Integrity 
Assurance in a Layered Security Strategy...”, 
call toll-free: 1-800-TRIPWIRE (874.7947) 
or visit http://enterprise.tripwire.com today! 
Continued from page 1
Cartridges 


reproduce a cartridge chip’s 
functionality. 

And now, a company that 
has so far overcome the tech- 
nological challenges posed by 
the printer makers is 
being sued by Lex- 
mark International 
Inc. Lexmark alleges 
that Static Control 
Components Inc. 
(SCC) in Sanford, 
N.C., is illegally copy- 
ing its printer com- 
puter chip technology. 

The two sides will face off in a federal court hearing Friday in Lexington, Ky., the home of Lexmark. It’s a case that the remanufacturing industry, also called the aftermarket, sees as key to its fate.

“This lawsuit is an industry killer,” said Tricia Judge, executive director of the International Imaging Technology Council in Freehold, N.J. If remanufacturers are blocked from reproducing computer chips, Judge said, they won’t be able to offer low-cost alternatives. “We have to win,” she said.

Remanufacturers 
have about 25% of 
the toner cartridge 
market, according to 
industry estimates. 

Eby-Brown Co., a $3 billion wholesale distributor of convenience store goods, is a large user of remanufactured cartridges. The Naperville, Ill.-based company saves 20% to 50% buying remanufactured cartridges, said Brian Freeman, network services manager at the company.

Eby-Brown has standardized on a limited model line of Hewlett-Packard Co. printers, so it’s practical to keep an inventory of printer parts for in-house repairs, said Freeman. “Most companies are like me — we are extremely tied to our printer vendor,” he said.

But this printer standardiza- 
tion also means the remanu- 
factured toner cartridges are 
the only source of competition 
with those made by the print- 
er maker. “Anytime there is no 
competition, the quality de- 
clines and the price increas- 
es,” said Freeman. 

The Lexmark lawsuit, filed Dec. 30, affects only two of SCC’s 70 printer parts lines. SCC has stopped producing the chips for those cartridges, pending the outcome of this week’s hearing. But SCC CEO Edwin Swartz said he worries other original equipment manufacturers (OEM) will follow Lexmark if it succeeds in court.

“The OEM is not the friend of the aftermarket,” said Swartz. “Every cartridge that is remanufactured is one that the OEM doesn’t get to sell.”
Lexmark officials told Computerworld that the company offers users the option of buying cartridges without an up-front discount or “prebate” if they choose not to return the cartridges to Lexmark. Those cartridges can be remanufactured without SCC’s chip and “will perform without loss of functionality,” they said.

SCC acknowledged that that’s the case but contended that businesses buy only the discounted cartridges. “It’s all a sham to stop remanufacturing,” Swartz said.

Lexmark’s 17-page lawsuit alleges that SCC’s computer chip infringes on its software copyright as well as the Digital Millennium Copyright Act (DMCA), the controversial 1998 law established to combat piracy. And it’s the DMCA infringement allegation that makes the case a potentially far-reaching one.

Although the DMCA was originally aimed at stemming piracy of software, music and motion pictures, its anticircumvention provision applies to almost any copyrighted material that’s being accessed, said David Hayes, chairman of the intellectual property group at Palo Alto, Calif.-based law firm Fenwick & West LLP.

Under the DMCA, it’s conceivable, for instance, that a hardware maker could prevent interoperability with other systems by citing the law’s anticircumvention provisions.

“In order to block competitors from interoperating with your products, all you need is some flimsy authentication handshake,” said Fred von Lohmann, an attorney at the Electronic Freedom Foundation in San Francisco. “This same tactic can be used in almost any arena.”

SHOP WISELY
Firms should use caution when doing business with toner cartridge remanufacturers:
QuickLink 36028
www.computerworld.com


CA Ships CleverPath Portal Upgrade, Bundles New Tools With Software

Rollout part of plan to ease integration burden for users

BY MARC L. SONGINI

Computer Associates International Inc. this week plans to announce a software suite that tightly integrates its portal server with business intelligence tools, an end-user dashboard, access-control technology and other capabilities.

The planned rollout is part of a bundling strategy CA detailed last month for its CleverPath Portal software [QuickLink 34755]. By combining the portal with various tools, CA hopes to take away some of the integration headaches for IT managers who currently have to try to cobble together different applications, said Ricardo Antuna, senior vice president of CleverPath marketing at CA.

Among the planned enhancements, he said, is the latest CleverPath Portal release. Version 4.5 will have new Java hooks and a redesigned user interface.

CA will also add several options to the portal, including a Lightweight Directory Access Protocol-compliant product that will let IT managers implement single sign-on approaches to authenticate end users who want to access information through the portal.

Compliance Tool

Also coming is a new dashboard-style user interface that will let business executives access key data via a single console, an end-user collaboration tool and a product that can scan a company’s financial data to detect potential fraud. The latter tool, which is being offered through a co-development partnership with McLean, Va.-based IT consulting firm BearingPoint Inc., is aimed at helping companies comply with the Patriot Act and other government regulations.

Antuna said CA will also offer an upgraded version of a software tool that can be used to build business rules into systems. The new release will be able to generate rules that can invoke multiple systems through Web services and create automated business workflows.

CSX Corp. is already beta-testing Version 4.5 of the portal and may upgrade by year’s end, said Lisa Balter, director of commercial applications at the Richmond, Va.-based operator of railroads and other shipping businesses. Currently, CSX runs both CA's Unicenter enterprise management applications and CleverPath Portal 3.5.

Balter said CSX is also exploring the possibility of rolling out the new end-user dashboard. The dashboard is appealing because it lets end users drill down into data and manipulate the information in different ways, she said. Buying an integrated suite is preferable to installing and linking multiple applications, as long as the functionality meets acceptable levels, Balter added.

CleverPath Portal 4.5 and the regulatory compliance software are available now, and CA said the other tools are due in March. Pricing for the full suite totals about $200,000.

CA’s Portal Push

The software vendor plans to announce the following new or enhanced products as part of its CleverPath Portal offering:

CLEVERPATH FOR GLOBAL COMPLIANCE, to help companies comply with financial reporting rules.

CLEVERPATH ADVANCED ACCESS CONTROL OPTION, for centralizing IT security via single sign-on capabilities.

CLEVERPATH COLLABORATION OPTION, to support collaboration across multiple communications channels.

CLEVERPATH DASHBOARD, which provides a single user interface for business executives or other employees.
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OPINION 


MARYFRAN JOHNSON 


Our Outsourced Future


READER REACTION was swift and scornful
last week after we ran a story predicting
that 35% to 45% of existing IT
jobs in the U.S. and Canada will be
outsourced, shifted to contractors or moved
offshore within the next two years [QuickLink
35866]. So many jobs? So soon? No way. Headline-
grabbing nonsense, this was.


That was my initial re- 
action, too. Analyst pre- 
dictions tend to be noto- 
riously off base, although 
we in the press cheerful- 
ly troop along and write 
stories about them any- 
way. As one reader put it,
“I think that you guys are
sometimes guilty of
oversimplification of the
issues.” Indeed.

In 10 years, though, I 
suspect we'll see these 
painful outsourcing trends as the in- 
evitable transition of a workforce in 
a maturing industry that plays a crit- 
ical role in the emerging global econ- 
omy. What IT is going through today 
mirrors what the automobile and 
electronics industries went through 
in previous decades, as once-valued, 
highly paid skills became commodi- 
tized, automated or more cheaply 
available elsewhere. New skills rise 
in value to keep pace with changing 
technologies, sharpening competi- 
tion and shifting business needs. 
Outsourcing trends historically 
move in great waves, cresting in eco- 
nomic downtimes when cost savings 
become paramount. 

Our government has certainly em- 
braced outsourcing. Federal IT out- 
sourcing is expected to hit $15 billion 
annually by fiscal 2007 — a 127% 
increase over the $6.6 billion spent 
last year. That push is coming from 
two directions: a mandate to cut 
costs, and the increasing difficulty 
of replacing qualified technical and 
program management employees 
[QuickLink 35533]. 

We can also see outsourcing tak- 


ing hold in the bellwether 
financial industry. Mega- 
deals are making head- 
lines again, as they did in 
the early 1990s. J.P. Mor- 
gan Chase recently signed 
a seven-year, $5 billion 
deal with IBM. Bank of 
America inked a 10-year, 
$4.5 billion deal with EDS. 
Canadian Imperial Bank 
of Commerce signed up 
for $2 billion in IT ser- 
vices from Hewlett- 
Packard. And so on. When Gartner 
researchers surveyed 39 Fortune 500 
banks a few months ago, they found 
half of them outsourcing back-office 
and operational tasks more exten- 
sively than ever. Intensifying compe- 
tition, a depressed economy and the 
attraction of the pay-as-you-go mod- 
el for IT services are a powerful trio 
of business drivers. 


Offshore outsourcing is also rising,
as the economic lure of cheaper programmer
labor continues to beckon.
The one wild card that may slow the
trend this year is the threat of war 
with Iraq. Yet Forrester Research es- 
timates that the $4 billion in U.S. 
wages that floated offshore in 2000 
will become a riptide of $136 billion 
and 3.3 million IT-related jobs by 
2015. Web-based collaborative tools, 
inexpensive bandwidth and stan- 
dardized business applications make 
it easier to contract out maintenance 
and support. 

In spite of all this, I see a silver lin- 
ing in this outsourcing cloud: the 
way American IT executives are ris- 
ing — or will rise — to the challenge 
of managing projects involving 
workers outside their companies and 
around the world. Forrester is releas- 
ing a report today called “Unlocking 
the Savings in Offshore,” in which 
analyst John McCarthy lays out some 
of the best practices involved in 
making these projects work. They 
include centralized management, 
commitment and support from senior
executives, and relentless project
discipline.


No rocket science. No great mysteries.
Nothing you can’t handle. After all,
isn’t this the industry where the one
constant is change?
PIMM FOX
Free Speech
Benefits IT


THE IT COMMUNITY has always thrived
on free speech. The exchange of
information gives users essential
ways to compare experiences, develop
new products and enhance the
affordability and
usability of all types of systems. Un- 
fortunately, the benefits of openness 
aren’t acknowledged in the end-user 
license agreements that vendors force 
customers to sign. 

Now, though, vendors may find that 
they’ll have to rewrite all those agree- 
ments to take into account a decision 
recently released by New York State 
Supreme Court Justice Marilyn Shafer. 

The ruling focused on a case involv- 
ing language contained in Network As- 
sociates’ license agreement prohibiting 
a user from publishing a review of its 
security software 
without prior ap- 
proval. The court 
clearly stated that the 
ban was deceptive 
because the license 
agreement gave cus- 
tomers the impres- 
sion that they would 
be violating the law 
when they would not. 

In essence, the 
court said making 
someone afraid to 
write something is the same as pre- 
venting him from writing it in the first 
place. And this typically is what goes 
on with a license agreement. 

License agreements restrain cus- 
tomers from disclosing vital product 
performance data, make it impossible 
for them to seek legal redress for dam- 
ages caused by product flaws and can 
bar them from revealing their vendor 
experiences without first obtaining 
approval from the vendor. It’s hardly 
surprising, then, that most customers 
have only good stories to tell. 

Where’s the benefit in that? 

Imagine the motion picture industry 
making movie viewers sign an agree- 
ment granting prepublication approval 
rights to anything they may write 
about a film. All the reviews would be 
positive. With such a policy, the auto- 
mobile industry could ensure favor- 
able coverage before a would-be re- 
viewer even switched on the ignition. 





In response to the ruling (which it’s 
appealing), Network Associates said it 
was trying to ensure that reviews re- 
flect the latest release of a product. 
That’s like saying you can’t review 
Casablanca without prior approval if 
it’s not the latest colorized release. 
The software industry seems to still 
believe it deserves special treatment 
— treatment placing most consumers 
at a disadvantage. 

While the ruling doesn’t have much 
force outside of New York (too bad 
Silicon Valley users didn’t take the 
lead on this), it should embolden cus- 
tomers to demand less restrictive end- 
user agreements. 

It’s time to force vendors to craft 
language that helps your business, al- 
lows for dialogue to make it easier to 
do your job and inspires the openness 
IT users need to remain innovative 
and vital. 

Without these changes, we’ve lost 
more than just better software; we’ve 
lost a basic tenet of free speech.


THORNTON MAY 


Tell the Truth 
Effectively 


INFORMATION technology leaders
are often described as “ambassadors”
for our profession. In the first
part of the 17th century, the
father of the British foreign service,
Sir Henry Wotton, described the am-
bassadorial function this way: “An am-
bassador is an honest man sent to lie
abroad for the good of his country.”

In these trust-sensitized times, are 
IT leaders lying for the sake of our 
discipline when, say, they promote ex- 
pensive projects? Or are they simply 
poor communicators who don’t know 
their audience? 

In association with the College of 
Business at Arizona State University, I 
examined the IT “messaging” ecosys- 
tem (i.e., message sender, messages 
being sent, executives receiving the 
messages and the actions taken be- 
cause of the message) at 35 companies 
operating in 15 vertical markets. And 
while the results showed that IT executives
are mostly telling the truth,
they’re not telling it in the right way. 

Communications — what we say, to 
whom we say it and how we say it — 
is a significant and potentially suc- 
cess-limiting blind spot for many IT 
organizations. Most IT shops don’t
measure the effectiveness of
their messages (for exam- 
ple, whether the message 
sent produced the desired 
behavior change). 

Non-IT executives prefer 
human-to-human, experi- 
ence-rich interactions over 
any other form of informa- 
tion exchange. But the data 
from the study revealed the 
following distribution of 
communication modes by 
IT leaders: 

- E-mail
- Meetings
- Telephone
- Face to face
- Other

IT professionals do not spend 
enough time involved in high-impact, 
person-to-person conversations. 

Research indicates that humans are 
nine times more prone to broadcast 
ideas than to receive them. So, for your 
“broadcasts” to have any impact, you 
must know your audience. If you’re to 
have any luck inducing buy-in and
behavior change, you must
understand where your lis- 
teners’ heads are. Many IT 
message senders have no 
map of the mental beaches 
their messages will wash 
up on. IT leaders do not 
spend enough time craft- 
ing their messages for their 
audience. 

In an overcommunicated 
world, sometimes the best 
messaging strategy is to 
say nothing. Recall President
George W. Bush’s decision not to
give a speech on the anniversary
of the Sept. 11 tragedy but
rather to spend nearly two hours at 
Ground Zero embracing fathers, sons, 
mothers and daughters who lost loved 
ones. He understood the important 
context of the moment. 

Knowing to whom we are communi- 
cating is one component of IT messag- 
ing. Knowing why we communicate is 
another. Gen. Ulysses S. Grant, coming 
upon the 14,000 Confederate defend- 
ers at Fort Donelson in February 1862, 
knew exactly to whom he was speaking
and exactly what he wanted when he 
crafted this message: “No terms except 
an unconditional and immediate sur- 
render can be accepted. I propose to 
move immediately upon your works.” 

IT leaders may be articulate, but 
they can do a better job of communi- 
cating. Context-specific communica- 
tion is best learned through role-play- 
ing exercises. 

I look forward to the day when IT 
messages combine the hard-hitting 
journalism of Woodward and Bern- 
stein, the social relevance and call to 
action of Upton Sinclair’s The Jungle 
or Rachel Carson’s Silent Spring, and 
the in-the-moment sensation of a Sur- 
vivor episode. Then, perhaps, the cor- 
porate muggles (executives who aren't 
wizards of technology, to borrow a 
term from Harry Potter) will look for- 
ward to hearing from us.


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site: 
www.computerworld.com/columns 











Small Businesses Get Help Selling to Feds 


THERE’S A PRESUMPTION within
the federal government that
large businesses can figure out the 
“federal labyrinth” on their own 
(“Federal Labyrinth Stifles IT Ven- 
dors,” QuickLink 35305). We as- 
sume, however, that small busi- 
nesses need assistance in dealing 
with government contract opportu- 
nities. By law, almost every federal 
agency has an office that provides 
advocacy, outreach and assistance 
for small businesses. These points 
of contact can be found by going to 
an agency's Web site (see First- 
Gov.gov for direct links) and then 
searching for “OSDBU” (Office of 
Small and Disadvantaged Business 
Utilization). 

In my limited experience as a 
small-business liaison, the most 
common mistake made by high- 
tech vendors is that they focus only 
on the attributes of their products 
and ignore the specific needs of 
the agency customer. Agencies 
can make purchases only to meet 
bona fide needs. If we don’t need it, 
we can’t buy it. And if we need it 
but don’t know we need it, we can't
buy it.

In addition to developing won-
derful products, vendors must get
to know their potential customers.
Learn our mission and culture. Join
our professional associations. At- 
tend our public presentations. Re- 
spond when we issue requests for 
comments. Contact the agency 
OSDBU. If you can’t afford to do 
those things, set up relationships 
with resellers that can. 

Brian X. Scott 

Business utilization and 
development specialist, U.S. 
Geological Survey, Denver 


Real Cyberthreats 


RICHARD CLARKE, chairman of the
President’s Critical Infrastructure
Protection Board, is right
on track when he cautions us not to 
dismiss cyberthreats [QuickLink 
35389], countering James Lewis’ 
ill-advised conclusions in a recent 
paper for the CSIS, which pro- 
claims that “much of the early 
analysis of cyber-threats and cyber 
security appears to have ‘The Sky is 
Falling’ as its theme” [QuickLink 
35390]. 

Lewis’ paper is based on some 
flawed premises. For example, it is 
my experience that there are many 
more SCADA systems that have 
Internet connectivity than he assumes.
Certainly, there are fearmongers
who enjoy stirring up reaction
to the latest vulnerability, but
as a whole, IT security and audit 
professionals paint a realistic and 
credible picture of risks, vulnerabili- 
ties and threats. 

Betty Pierce 

Vice president, Information 
Systems Security Association 
Inc., Denver chapter 


Pervasive Courts 


REGARDING your Future Watch
article of Jan. 13, the Superior
Court of Arizona in Maricopa
County is using a form of pervasive
computing in some courtrooms -
e-courtrooms [QuickLink 35198].
We have a system that tracks the
speaker and records the informa-
tion on video. We have replaced
court reporters in these court-
rooms.

Priscilla Dance

Superior Court of Arizona,
Maricopa County (Phoenix)


Handheld Benefits 


THE ARTICLES on the costs of
deploying handheld devices
[QuickLinks 34328 and 34819]
raised issues that everyone should
be aware of, but they didn’t note the
benefits that can be derived by reducing
the number of devices used
by a workforce. For example, a se- 
cure wireless access project can be 
designed so that employees can 
use handhelds to do things that 
would otherwise require a note- 
book. This can be done by creating 
a few custom Web pages that make 
inquiries to or update the CRM 
database. Thus, for a relatively 
small expenditure, the remote sales 
force no longer needs notebooks, 
but it has access to more timely information.
If the handheld device is also a cell
phone, the number of devices is
reduced further.

Paul Dube

Business development,
StratITech Consulting LLC,
Randolph, N.J.,
PDube@StratITech.com 





TECHNOLOGY


EMERGING TECHNOLOGIES: Task-Centric Storage Takes the Stage
New inexpensive storage appliances based on Advanced Technology Attached disk arrays may redefine the traditional role of the application server.

QUICKSTUDY: Session Initiation Protocol
Learn more about this signaling protocol, which is used for Internet conferencing, telephony, presence, events notification and instant messaging.

OPINION: Just Pin It on Microsoft
The endless drumbeat of anti-Microsoft propaganda is a wonderful way for competitors to distract users from failures of their own making, says technology evaluations editor Robert L. Mitchell.





MAINFRAME LINUX can boost application
uptime and reduce support costs. But
users and analysts recommend acting
carefully when choosing which applications to
move to the open-source operating
system and when training staff in the
required skills.

The attraction of Linux on the main- 
frame isn’t so much the low cost of li- 
censing Linux or the fact that users can 
modify it and rely on a community of 
developers to fix bugs, users say. In- 
stead, the big draw is the ability to 
combine Linux with the mainframe’s 
proven reliability, speed and manage- 
ment tools to drive down the cost of 
running critical applications. 

“We're not interested in just getting 
the least expensive thing on the mar- 
ket,” says Randy Lengyel, senior vice 
president of MIS at Wisconsin Physi- 
cians Service Insurance Corp. (WPS), 
a health insurer in Madison, Wis. “We 
want something that is reliable, func- 
tional and has great customer service 
from the [vendor].” 


Hitting the Sweet Spot 


The sweet spot for mainframe Linux
today is server consolidation — replacing
dozens or even hundreds of separate
Intel-based Linux or Windows
servers with a partition on the main-
frame that dedicates a single processor,
memory and other system sources to
running Linux.
WPS created a virtual Linux server 
running on one 250-MIPS processor | 
that was available within an IBM 
eServer zSeries 900 mainframe and 
did it at 40% of the cost of ordering, 
installing and configuring a new Intel- 
based server, says Lengyel. 
A virtual server can be created within
two to three minutes and deliver as
much as nine times the throughput of a
stand-alone server, he says. WPS,


Running Linux on IBM big iron can deliver
savings — but only with the right applications
and upfront planning. BY ROBERT L. SCHEIER
Linux’s Expanding Mainframe Role


Right now, the biggest use for main- 
frame Linux lies in consolidating infra- 
structure servers such as Web servers. 
But a few companies are already looking 
for new ways to use mainframe Linux to 
cut costs and increase efficiency. 

Some are using application server 
environments such as WebSphere and 
WebLogic to run core business applica- 
tions “in modern, Web-enabled or Web 
services environments,” says Giga Infor- 
mation Group analyst Stacey Quandt. 

Randy Lengyel, senior vice president 
of MIS at Wisconsin Physicians Service 
Insurance, says he hopes to do just that. 
If he could run his PeopleSoft financial 
applications on mainframe Linux, 
Lengyel says, he could easily create vir- 
tual servers when his accountants need 
them and switch that power to Web 
servers during peak enrollment periods 
for new members. Currently, he says, the
servers that keep the accountants happy
during their crunch time sit nearly idle the
rest of the year.

Dave Ennen, technical support man-
ager at Winnebago Industries, says he
hopes to save money by running main-
frame backup software on Linux. By us-
ing IBM's HiperSockets to stage legacy
data to Linux running on the mainframe
before backing it up, he says, he could
use lower-cost Linux backup tools.

Over the next 18 months, says Quandt,
mainframe Linux will enter a third phase,
where corporate IT will use it to run not
only business applications but also data-
bases that currently run on z/OS. This
development would let IT shops use the
lower-cost Linux environment to run
complete application environments that
used to be scattered across multiple,
harder-to-manage servers.

- Robert L. Scheier


The instability of its Windows NT
servers was one reason why recre-
ational vehicle manufacturer Winneba-
go Industries Inc. implemented Dallas-
based Bynari Inc.’s InsightServer
groupware application for Linux on an
IBM zSeries mainframe.

Dave Ennen, technical support man-
ager at the Forest City, Iowa-based
company, says he had to reboot his
Windows NT servers once a week in
an effort to improve their stability. But
“on the mainframe, everything is
geared to staying up 24 hours a day,
seven days a week,” he says.

Winnebago already had a mainframe
(an IBM S/390 Multiprise 3000 Enter-
prise Server) and a staff skilled in
IBM’s z/VM, an operating system that
can divide each partition in a main-
frame into multiple software-based
virtual machines, each running its own
operating system and applications.

Rather than go through the expense
of training his staff for the upgrade
from Windows NT to Windows 2000
and Windows Exchange Server 2000,
Ennen says it was more cost-effective
to use part of his existing mainframe
capacity and his staff’s mainframe
skills to run its Linux-based e-mail sys-
tem. However, “if you were going to go
out and buy a mainframe” just to run
Linux, he says, “it’s going to be a little
hard to justify.”

Many observers say users should be
running at least 20 to 25 servers before
even considering consolidation into a
mainframe Linux environment. Some
of the best candidates for consolida-
tion are infrastructure applications
such as file and print services, e-mail,
domain name servers and Web servers
such as Apache.

But not every application is a natural
for mainframe Linux. Windows appli-
cations are a poor choice, since they
don’t run on Linux, although Linux
equivalents are available in many
cases. And applications that have com-
plex graphical user interfaces or that
perform complicated data analysis can
use so much processing power that it’s
more cost-effective to keep running
them on stand-alone servers.


Action Items

- CONSIDER CONSOLIDATING servers that run infrastructure applications like e-mail.
- LOOK for a Linux distributor with enterprise-class support, such as SuSE or Red Hat.
- CROSS-TRAIN the Unix and mainframe staffs.
- MIGRATE applications to Linux on Intel-based hardware first, then go to mainframe Linux.
- FACTOR IN the costs and effort involved in adopting new mainframe operating systems, such as z/OS or z/VM, that might be required to support Linux partitions.

Users have also been 
reluctant to move com- 
plex applications such as 
SAP R/3, which can take 
years to implement on 
distributed servers, onto 
a new environment. Al- 
though SAP AG has been 
among the first vendors to support 
Linux with its flagship products, Linux 
will represent only about 10% of new
installs in 2003, says Manfred Stein,
product manager for Linux Lab and
Unix platforms at SAP. 

Once you've identified applications 
to run on the mainframe, users and an- 
alysts recommend migrating them first 
to stand-alone servers running Linux. 
That’s a good way to get support staff 
familiar with Linux before tackling the 
additional complexity of the main- 
frame, they say. 

Training Unix veterans in main- 
frame Linux skills — or Linux veterans 
in Unix skills — can be one of the 
biggest challenges. Many organizations 
have one support organization for
mainframes and another for Windows
and Unix servers, says John Kogel, vice
president of the systems and service 
management group at Candle Corpora- 
tion of America in Des Plaines, Iowa. 
These groups must work together and 
learn new terms for familiar concepts, 
he adds. 

Since beginning its move to main- 
frame Linux in January 2002, WPS has 
cross-trained two mainframe and two 
Unix staffers in the combined Linux/mainframe
environment. Each employee
then took his knowledge back
to his respective group. 


Choosing the Products 
The choice of Linux distribution for 
the mainframe matters, say users and 
analysts. Nuremberg, Germany-based 
SuSE Linux AG has the closest rela- 
tionship with IBM, so about 80% of or- 
ganizations running production appli- 
cations on mainframe Linux use SuSE 
software, says Stacey Quandt, an ana- 
lyst at Giga Information Group Inc. 
WPS’s Lengyel, for one, chose SuSE
Linux. “We like to have one focal point
of support, through IBM, to support
z/VM as well as the Linux environment,”
he says.

But SuSE’s dominance may not last, 
Quandt says, because Raleigh, N.C.- 
based Red Hat Inc. improved its main- 
frame support relationship with IBM 
in the second half of 2002. 

The choice of mainframe operating
system also makes a big
difference. Users can 
run Linux in native 
mode on IBM’s older, 
31-bit mainframe OS/390 
operating system and 
can prioritize applica- 
tion access to resources 
within a partition. But 
IBM’s latest mainframe 
operating system, z/OS, 
supports higher-throughput 64-bit 
processing and lets IT managers prior- 
itize applications across multiple parti- 
tions, says Peter McCaffrey, director of 
product marketing for zSeries main- 
frames at IBM. 

Users who hope to consolidate hundreds
of stand-alone servers on mainframe
Linux should also plan to implement
IBM’s z/VM, recommends
Quandt. Z/VM lets users create hun- 
dreds of virtual Linux machines within 
each partition. Without z/VM, users 
are limited to 15, one for each partition. 
And, says Ennen, with z/VM, you don’t 
have to bring the mainframe down to 
create a new Linux partition. But 
z/VM has a steep learning curve. 


Linux-Only Hardware 
IBM also offers the Integrated Facility 
for Linux (IFL), a mainframe processor 
that runs only Linux under z/VM and 
costs as little as one-third as much as 
a similar processor used for general 
mainframe workloads, says Quandt. 
IFLs can run on IBM’s Multiprise, 
eServer zSeries and S/390 Parallel En- 
terprise Servers. 

Another advantage: Adding an IFL to a mainframe doesn’t boost
software licensing bills because IFLs aren’t counted in
capacity-based software pricing agreements, according to IBM.

For customers that don’t have main- 
frames and might otherwise choose 
high-end Unix servers, Quandt points 
out that IBM offers a Linux-only z800 
with three years of licensing and sup- 
port at entry prices of less than 
$400,000, making it a cost-effective 
alternative to high-end Unix servers. 

Mainframe Linux isn’t a good fit for 
every application or every user. But 
the more you suffer from server 
sprawl, users and analysts say, the 
more you should consider it.
Scheier is a freelance writer based in 
Boylston, Mass. 


MAINFRAME LINUX RESOURCES 


For more resources on mainframe Linux, see the 
resource links at 


QuickLink 35645 
www.computerworld.com 
CRAIG MUNDIE spent his
first six years at Micro- 
soft Corp. incubating a 
variety of non-PC com- 
puting and service offer- 
ings — including Win- 
dows CE, software for 
the Pocket PC and 
WebTV — for the com- 
pany’s consumer plat- 
forms division. But now the scope of his 
work is much broader. 

Mundie works with Chairman and 
Chief Software Architect Bill Gates on a 
comprehensive set of technical, business 
and policy strategies that spans Micro- 
soft’s entire product line. As senior vice 
president and chief technical officer of 
advanced strategies and policy, Mundie 
must coordinate the plans when their 
implementation crosses product groups. 

Mundie’s interest in technical and 
policy issues related to security and crit- 
ical infrastructure has landed him on 
several government committees, includ- 
ing the National Security Telecommuni- 
cations Advisory Committee. He also 
started and continues to sponsor Micro- 
soft’s Trustworthy Computing initiative. 

Computerworld’s Carol Sliwa inter- 
viewed Mundie about the Trustworthy 
Computing progress. Excerpts follow: 


What effect did the companywide memo that Bill Gates issued in
January 2002 have on the Trustworthy Computing initiative?

That was sort of the final step in a companywide evangelism. At
that point, it went from evangelizing the importance of this to
the day-by-day practicing of the art of what you do about it. You
have to train people. You have to assess where they are. You have
to make it possible to measure these things.

How can we in the outside world tell how much progress Microsoft
has made on Trustworthy Computing?

Qualitatively, things like Bill’s memo, observing the vast
majority of people in the company acting as if they believe this
was an important thing, is a qualitative way of deciding if we
made progress.

In terms of the quantitative measurements, I think of them in two
ways. There is, How do we keep score internally on whether or not
we're really doing the right thing? What I said a year ago, and
which we are working every month to do better, is to develop an
internal measurement system where we’re able to assess the
progress that people have made, assess their level of
understanding of the issues, provide training and then keep score
of that as a way of creating management metrics that allow the
management of the company to look in a holistic way at Microsoft
and say, “Well, are all the groups getting it? Are they doing the
right stuff?”

Microsoft’s Craig Mundie sounds off on how the initiative is
working within the company and for customers.

Title: Chief technical officer of advanced strategies and policy
at Microsoft

Top accomplishments: Initiator and sponsor of Microsoft’s
Trustworthy Computing initiative; co-founder and former CEO of
supercomputer maker Alliant Computer Systems Corp.

The ultimate outcome of this is, when you look at the products,
do they exhibit better characteristics? And there, the anecdotal
evidence which we begin to measure in a quantitative sense is
certainly starting to support the claim that we will make a big
difference here. If you look at Visual Studio .Net, which was the
first product group to span down development in order to look at
these particular security issues, one thing that’s clearly
observable is [that] we delayed the shipment of the product from
Thanksgiving [2001] until February [2002] specifically because we
made decisions to make changes. That costs real money, affects
real programs and real people.

Right now, we're very pleased, because the number of security
issues that have come up in that product since its release is
de minimis.


What are some of the other areas where the effects of Microsoft's
security review can be seen?

[Internet Information Server] 6 was changed entirely in its
installation configuration so that only the basic Web server,
which is quite secure, is the thing that’s standardly installed.

There have been other things people 
can observe in terms of the stand-down 
we did in Windows, where we stopped 
development this year for about 10 
weeks. It produced a set of patches 
that we’ve started to push back out to 
the Windows update mechanism for 
some of the installed products. ... We 
released some new tools, like the Mi- 
crosoft Baseline Security Analyzer. 

In some sense, the first of the real 
Windows products ... where [trust] 
has had a lot of effect on the design 
will be the .Net Server release in the 
spring of [this] year, because ... we 
have stopped and gone back and made 
more fundamental changes. 

The other thing that we think is going to be telling will be,
Which way are all the vulnerabilities, particularly critical
vulnerabilities, trending in terms of the use of the systems? We
feel these efforts are starting to pay off and that our numbers
will trend down in terms of the absolute numbers of bugs that are
identified and vulnerabilities that are found and have to be
fixed.


What is the greatest challenge going forward?

In a technological sense, you’re chasing a rocket ship. I mean,
we continue to have the technology moving aggressively forward.
We continue to scale up the capability of the systems. As they
get bigger and bigger, complexity mounts, and to some extent,
those things all work against the idea that, well, can we really
get this thing stabilized and improved?

So to some extent, I always worry 
about the balance between having to 
make the product and the business go 
forward and trying to lock it all down. 
If things weren’t moving, it would be a 
lot easier. But they have to keep mov- 
ing, or there would be no business. 


What has been your biggest disappointment in the area of
Trustworthy Computing?

We still end up with independent security research folks finding
bugs that we don’t find. ... We wish we would get to the point
where they’re no better able to find things than we are.

When I think about the industry, one 
of the disappointments I had is that 
there’s no observable evidence, to me 
at least, that any other significant com- 
panies have really chosen to focus on 
this to the degree that we have. Cer- 
tainly, if you look at the Linux commu- 
nity or IBM and the people advocating 
all the open-source approaches, there’s 
about as big a dichotomy as you can 
imagine between what they say about 
that stuff and what it actually means. 

One of my big disappointments as it relates to that whole
phenomenon is basically the blind adoption and reiteration of all
the myths around these things: Just because it’s open, it must be
more secure. People think that Microsoft is a whole lot worse at
these things from an engineering standpoint than that community.
Well, no, I don’t think so. You look at Windows with 50 million
lines of code. You look at Linux at, I don’t know, 5 million
lines of code. You look at the whole number of deployments, or at
least the total number of people that are doing the analysis and
attack on these things, and if we come out even, we’d say we must
be doing something right. But in fact, we don’t find a lot more.
In fact, now we're increasingly finding less.


MORE ON TRUST 


To read more of Craig Mundie’s comments on Trust- 
worthy Computing, the Palladium security features for 
Windows and the competition, visit our Web site: 


QuickLink 35932 
www.computerworld.com 
Session Initiation Protocol


DEFINITION 
Session Initiation Protocol is a sig- 
naling protocol for Internet 
conferencing, telephony, pres- 
ence, events notification and 
instant messaging. The proto- 
col initiates call setup, routing, 
authentication and other com- 
munication features to end- 
points within an IP domain. 


BY MATT HAMBLEN 
SESSION INITIATION Protocol (SIP), with its promise of serving as
a single global signaling standard, has mushroomed in importance
for networking in the past year. But it may be years from
adoption because of technical barriers still to be surmounted,
including problems with device interoperability and concerns that
SIP will make networks more vulnerable, experts say.

The idea behind SIP is to provide a simple, lightweight means for
creating and ending connections for real-time interactive
communications over IP networks — mainly for voice, but also for
videoconferencing, chat, gaming or even application sharing.

Since the Internet Engineering Task Force launched SIP in 1999,
hundreds of vendors have started to sell SIP-enabled phones and
proxy servers globally. In one significant move, Microsoft Corp.
built support for SIP into the Windows XP operating system.

A typical corporate scenario 
using SIP for an IP phone call 
would go something like this: 

Caller X needs to speak to caller Y. Each of their companies has
a SIP proxy server. X and Y can be using any of a variety of
clients, including a PC software phone, or “softphone”; a SIP
hardware phone; an analog phone with an adapter; or a SIP-enabled
cell phone.

When it was turned on, X’s client automatically sent a register
message to his company’s SIP proxy server, telling it to route
calls to a specific IP address. X initiates a call to Y via a PC
softphone by typing a text request that’s sent to her company’s
SIP proxy server, which uses the Domain Name System to look up
Y’s domain. The invite request is forwarded to Y’s company’s SIP
proxy server, which sees that X wants to call Y and forwards the
invite request to Y’s IP address.

Y’s phone rings, or a screen pops up, and Y is asked if he wants
to accept the call. His affirmative response, called a 200 OK, is
sent to his company’s proxy server, which forwards it to X’s
company’s SIP proxy server, which sends the 200 OK to X’s client.

An acknowledgment message, or ACK, is sent directly to Y’s
client, and the communication begins.
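The call setup described above, traced as an added Python example (not code from the article): each proxy stamps a Via header as it forwards the INVITE, the 200 OK retraces that stack in reverse, and the ACK goes straight to the Contact address. Every domain, user and IP address is a constructed placeholder, and the `Message`, `Proxy` and `place_call` names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed placeholders: every domain, user and address below is invented.
DNS = {"x-corp.example": "proxy.x-corp.example",
       "y-corp.example": "proxy.y-corp.example"}


@dataclass
class Message:
    start_line: str                            # request line or status line
    headers: dict
    via: list = field(default_factory=list)    # via[0] is the topmost Via

    def render(self):
        """Serialize to SIP's text format (lines separated by CRLF)."""
        lines = [self.start_line]
        lines += [f"Via: SIP/2.0/UDP {hop}" for hop in self.via]
        lines += [f"{name}: {value}" for name, value in self.headers.items()]
        return "\r\n".join(lines) + "\r\n\r\n"


class Proxy:
    def __init__(self, host, domain):
        self.host, self.domain = host, domain
        self.bindings = {}                     # address-of-record -> contact IP

    def register(self, aor, contact_ip):
        """Handle REGISTER: record where calls for this user should go."""
        self.bindings[aor] = contact_ip

    def next_hop(self, request_uri):
        """Local user: use the registered binding. Other domain: ask DNS."""
        domain = request_uri.split("@", 1)[1]
        if domain == self.domain:
            return self.bindings.get(request_uri)   # None if not registered
        return DNS.get(domain)


def place_call(caller, caller_ip, callee, proxies, max_forwards=70):
    """Simulate one call setup; return (trace, final_response, acked)."""
    headers = {"From": f"<{caller}>", "To": f"<{callee}>",
               "Call-ID": "constructed-call-1", "CSeq": "1 INVITE"}
    invite = Message(f"INVITE {callee} SIP/2.0",
                     dict(headers, Contact=f"<sip:{caller_ip}>"), [caller_ip])
    trace, status = [], "200 OK"
    here, nxt = caller_ip, DNS[caller.split("@", 1)[1]]   # outbound proxy
    while True:
        trace.append((here, nxt, "INVITE"))
        if nxt not in proxies:                 # delivered to the callee's client
            break
        target = proxies[nxt].next_hop(callee)
        max_forwards -= 1                      # Max-Forwards guards against loops
        if target is None or max_forwards == 0:
            status = "404 Not Found" if target is None else "483 Too Many Hops"
            break
        invite.via.insert(0, nxt)              # proxy stamps itself, then forwards
        here, nxt = nxt, target
    responder = nxt
    response = Message(f"SIP/2.0 {status}", dict(headers), list(invite.via))
    if status == "200 OK":
        response.headers["Contact"] = f"<sip:{responder}>"
    # The response retraces the Via stack: each element strips its own entry
    # and passes the message to the next address down.
    here = responder
    for hop in response.via:
        trace.append((here, hop, status))
        here = hop
    acked = status == "200 OK"
    if acked:                                  # ACK goes straight to the Contact
        trace.append((caller_ip, responder, "ACK"))
    return trace, response, acked


def demo():
    a = Proxy("proxy.x-corp.example", "x-corp.example")
    b = Proxy("proxy.y-corp.example", "y-corp.example")
    a.register("sip:x@x-corp.example", "192.0.2.10")      # X's client at power-on
    b.register("sip:y@y-corp.example", "198.51.100.20")   # Y's client at power-on
    return place_call("sip:x@x-corp.example", "192.0.2.10",
                      "sip:y@y-corp.example", {a.host: a, b.host: b})


if __name__ == "__main__":
    for sender, receiver, what in demo()[0]:
        print(f"{sender:>22} -> {receiver:<22} {what}")
```

Nothing in this flow checks the From value or who submitted a REGISTER binding; in a deployment, authentication enforced at the proxies carries that burden.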

SIP is designed to be a key component for integrated data and
voice IP networks. For example, companies can run a
cost-effective single wire to a desktop using IP (replacing the
second line to a traditional phone) and have the PC operate as a
softphone that enables a user to click on a name in a PC
directory. The name is associated with a SIP URL, sending a
message into a network cloud. Then, when a connection is
established, the softphone user can communicate via a headset
connected to the PC.


Industry Inroads

“SIP already has a tremendous stronghold in a multitude of
areas,” says David Fraley, an analyst at Gartner Inc. in
Stamford, Conn. “Lately, SIP is the protocol of choice for new 3G
wireless networks and phones.”

Moreover, Cisco Systems Inc. and other manufacturers of IP public
branch exchange (PBX) equipment are putting SIP into that
hardware, while media gateway makers are adding it to network
cores, Fraley says. Microsoft, Yahoo Inc. and America Online Inc.
have made SIP a part of instant messaging sessions.

“What we'll have in the future is a single signaling protocol
across all IP networks, and 10 years out all networks are going
to be IP,” Fraley predicts.

The principal intention, and advantage, of SIP is, of course,
having a common signal across a multitude of devices, Fraley
says.

But Tim McCracken, business development manager at Cisco, points
out that interoperability isn’t always as good as proposed. He
says that for basic person-to-person calls, SIP works fine.
However, beyond the basic connection and call waiting and call
holding, there are hundreds of features, such as call
transferring and call billing, that are being delayed due to
interoperability problems.

Craig Cotton, a manager of product marketing at Cisco, says his
company is “bullish” on SIP but questions whether it can evolve
to deliver all the functionality enterprises want.

Cisco officials worry that SIP, written as a peer-to-peer
protocol, could be inadequate for organizations that need a
signaling protocol for client server networks. But Fraley says
SIP proxy servers can be created to overcome this problem.

At WorldCom Inc., SIP “has opened entire lines of business,” says
Teresa Hastings, director of multimedia services engineering. In
fact, the company is already working with Microsoft on a beta
version of a Windows XP server supporting SIP, says Henry
Sinnreich, a distinguished member of engineering at WorldCom. The
company in August launched a commercial IP telephony service
called Connection that depends on SIP.

Despite such high hopes, there are concerns that SIP could pose
network security problems as it becomes more universal. “If you
have a single signaling technology running from telephones over
the Internet into core networks and everywhere else, there’s a
lot more room for malicious behavior,” says Fraley.

The peer-to-peer nature of SIP also raises related concerns about
management and control in general, Cotton says. “With the
traditional client, server, [the datacom manager] is in control
and you know all the users, but with peer-to-peer, you have a lot
of features on a device and you don’t go through a central
repository,” says Cotton. “Eventually, with a SIP proxy server,
we'll get that control, but how long will it take in a pure SIP
environment to get pure management and control and security?”
SIP Architecture


The diagram below shows a SIP architecture for use in a corporate network. SIP stan- 
dardizes information transfer between the clients of individual end users, between the 
SIP proxy and redirect servers and to a SIP gateway that also provides connectivity to 
the public switched telephone network and the company’s legacy PBX. The user 
clients are directly linked to the SIP gateway via RealTime Transfer Protocol 
EMERGING TECHNOLOGIES

Task-Centric Storage Takes the Stage

Outlook: New intelligent, inexpensive ATA-based storage
appliances are solving application-specific problems - and
[...]ne the traditional role of the application server.
By Robert L. Mitchell

NETWORK APPLIANCE INC.’S NearStore ushered in the era of using
inexpensive, Advanced Technology Attached (ATA) disk arrays for
disk-to-disk backup or secondary, near-line storage. The product,
launched in March 2002, offers faster backup and recovery times
at a cost per megabyte that’s competitive with tape backup
systems. Now vendors are rushing to add application-specific
intelligence to ATA-based storage appliances that reduces
application server workloads while offering more efficient ways
to store and retrieve data.

Perhaps the best example is Centera, EMC Corp.’s system for
indexing, storing and retrieving “fixed content” files. In
Centera’s Content Addressed Storage scheme, the client
application bypasses the server’s file system by making calls to
a proprietary application programming interface (API). Centera
intercepts each file storage request, strips off the metadata
(such as date and time stamps) and runs a hashing algorithm to
create a unique, 27-character content ID. It then returns a
content descriptor file (CDF) to the client application that
points to both the stored object and its metadata. Thereafter,
the application need only request the stored object’s content ID.
Abstracted from the storage media in this way, the application
needn’t worry about disk I/O, tracking the file path or keeping
up with changes in the back-end storage configuration.

The bottom line: “You should need less of a server ... and the
applications should run more efficiently on lower-cost compute
platforms,” says Steve Duplessie, an analyst at Milford,
Mass.-based Enterprise Storage Group.

Centera’s technology also eliminates redundant file storage by
creating multiple references that point to a single instance of
the stored file. For example, to store an archived e-mail file
attachment sent to 1,000 users, Centera would create 1,000 CDF
references to a single content ID, which in turn would reference
a single, stored file.

EMC CORP.
Location: Hopkinton, Mass.
Web: www.emc.com
Product: Centera; prices range from $204,000 for 5TB of mirrored
storage to $408,000 for 10TB. Systems can be clustered for up to
150TB of capacity.
Release date: April 2002

AVAMAR TECHNOLOGIES INC.
Location: Irvine, Calif.
Web: www.avamar.com
Product: Axion backup appliance; prices start at $170,000 for up
to 3.5TB of mirrored storage.
Release date: October 2002

Start-up Avamar Technologies Inc. 
takes this technology one step further 
to address the problem of backup inef- 
ficiencies. While Centera’s CDF tech- 
nology can eliminate storage of redun- 
dant files, Avamar’s Axion backup ap- 
pliance indexes the individual data 
blocks that make up those files on disk 
in order to eliminate both file and par- 
tial file redundancies. When a sen- 
tence changes in a document, for ex- 
ample, Axion updates only the affected 
blocks within that file. 

“We're so much more efficient [that] we can store 10 to 100 times
the amount of daily backups that you could on a [disk-to-disk
backup system that is] mirroring tape backup,” says Jed Yueh,
Avamar’s executive vice president. The result is a system that
requires less space for backups, can restore faster and can
efficiently back up distributed systems over a wide-area network,
he says.

Another start-up, Netezza Corp., has taken the intelligent
storage concept the furthest by embedding parallel processing
power with individual disk drives. It designed the Netezza
Performance Server as a “data appliance” that optimizes business
intelligence queries against very large databases, replacing the
traditional Oracle database running on high-end Unix servers and
EMC storage arrays. CEO and co-founder Jit Saxena says disk I/O
is a bottleneck when querying such databases. Netezza’s parallel
processing architecture packages what it calls Snippet Processing
Units (SPU) with each disk drive — up to 450 per appliance — and
integrates those with a symmetric multiprocessing front end that
can accept SQL queries from any application that supports the
Open Database Connectivity protocol. Each SPU has dedicated
memory and communicates over a Gigabit Ethernet connection.

“We have deployed huge amounts of intelligence right next to each
drive,” says Saxena. By keeping all drives processing in
parallel, he says, “we provide 10 to 20 times the performance of
a [traditional] system at half to one-third the cost.” And
because the system is read-intensive and application-specific,
Saxena says ATA-based drives work well.

By using smart, inexpensive ATA-based storage appliances that
offload I/O processing for application-specific tasks, vendors
may eventually change how users view the traditional server’s
role, says Duplessie.

“What we’re doing is taking distributed computing to the next
level by ‘appliance-izing’ the intelligence in the server,” he
says. But even big-name products like Centera are still in early
stages of acceptance. “It will take some time for people to make
the best use of this,” predicts Jamie Gruener, an analyst at The
Yankee Group in Boston.

NETEZZA CORP.
Location: Framingham, Mass.
Web: www.netezza.com
Product: Netezza Performance Server; prices range from $622,000
for a 4.5TB system to $2.5 million for an 18TB model.
Release date: September 2002

Under the hood, both Centera and Axion storage appliances use
what are called Redundant Arrays of Independent Nodes (RAIN) to
achieve redundancy and improved reliability. Both systems consist
of independently functioning storage nodes that fit inside a
standard 19-in. cabinet. Each node includes one or more disk
drives, a CPU, memory, and Ethernet connections that serve as the
communications backplane within the box. Like network-attached
storage devices, each node runs its own operating system.
(Centera runs a variant of Linux it calls CentraStar.)

RAIN is an implementation of RAID across nodes, rather than disk
arrays. Centera uses RAIN for disk mirroring. Axion supports
“RAIN-5,” a node-level implementation of RAID 5, which requires
fewer redundant drives.

The RAIN architecture also enables scaling. In Centera, for
example, up to 16 individual racks can be clustered for up to
150TB of mirrored storage, and up to seven clusters can be
arranged into a “domain” to support up to 1.05 petabytes of data.

- Robert L. Mitchell


CASE STUDY

Centera Turns State’s Evidence

The Southern California High Tech Task Force in Norwalk, Calif.,
became an early adopter of EMC’s Centera, using it to archive
forensic evidence gathered from suspects’ computers. Prior to
using the system, investigators burned evidence onto CD-ROMs - as
many as 100 for a 60GB drive image. “We needed something that was
secure, very reliable,” says project director Rick Craigo.
Centera’s design supported mirroring and provided an audit trail,
since stored objects can’t be changed without generating a new
content ID. “Centera was almost a custom fit,” says Craigo.

Using custom-developed software, investigators now store captured
evidence on a Linux server cluster with 6TB of direct-attached
storage. Completed cases migrate to the Centera archive before
users erase them from the active storage area. Craigo says
Centera was priced right. “Our sheriff's department has a
Symmetrix system that cost a million bucks, and that's 1TB. We're
at a quarter of that for 10TB. It’s a day-and-night comparison,”
he says. But the system has another benefit: Craigo uses it to
back up files on both the evidence network and Windows 2000
servers in the Task Force's offices. Backups run quickly and with
minimum space because Centera saves only one copy of redundant
files and updates only those files that have changed. “With the
amount of archiving we do, we'll see the overall savings in about
a year and a half,” he says.

- Robert L. Mitchell
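The content-addressing ideas described above (one stored object behind many descriptor records, an ID that changes whenever the bytes change, and Axion-style block-level backup) are sketched here as an added Python example; it is not EMC's or Avamar's code or API. SHA-256, the fixed 4,096-byte block size, the class names and all sample data are assumptions made for the illustration.

```python
import hashlib
import time


def content_id(data: bytes) -> str:
    """Address an object by a hash of its bytes alone, never its metadata.
    SHA-256 is an assumption; the article does not name Centera's algorithm."""
    return hashlib.sha256(data).hexdigest()


class ContentStore:
    """Whole-object store: one blob per unique content ID, many descriptors."""

    def __init__(self):
        self.blobs = {}     # content ID -> bytes, written once
        self.cdfs = []      # descriptor records: metadata plus a content ID

    def put(self, data: bytes, **metadata) -> dict:
        cid = content_id(data)
        self.blobs.setdefault(cid, data)          # duplicates add no new blob
        cdf = {"content_id": cid, "stored_at": time.time(), **metadata}
        self.cdfs.append(cdf)
        return cdf

    def get(self, cdf: dict) -> bytes:
        """Return the object only if its bytes still hash to the recorded ID."""
        data = self.blobs[cdf["content_id"]]
        if content_id(data) != cdf["content_id"]:
            raise ValueError("stored object no longer matches its content ID")
        return data


class BlockStore:
    """Block-level variant: a file becomes a list of block IDs (a recipe).
    Fixed-size blocks are a simplification chosen for this example."""

    def __init__(self, block_size=4096):
        self.block_size = block_size
        self.blocks = {}

    def backup(self, data: bytes):
        """Write only unseen blocks; return (recipe, blocks_newly_written)."""
        recipe, written = [], 0
        for offset in range(0, len(data), self.block_size):
            chunk = data[offset:offset + self.block_size]
            cid = content_id(chunk)
            if cid not in self.blocks:
                self.blocks[cid] = chunk
                written += 1
            recipe.append(cid)
        return recipe, written

    def restore(self, recipe) -> bytes:
        return b"".join(self.blocks[cid] for cid in recipe)


def demo_attachment():
    """One attachment archived for 1,000 recipients (constructed data)."""
    store = ContentStore()
    attachment = b"constructed attachment bytes\n" * 200
    for n in range(1000):
        store.put(attachment, recipient=f"user{n}@example.com")
    return len(store.cdfs), len(store.blobs)


def demo_evidence():
    """Altered evidence gets a different ID, and in-place tampering is caught."""
    store = ContentStore()
    image = b"constructed disk image sector\n" * 500
    cdf = store.put(image, case="constructed-case-001")
    altered = image.replace(b"sector", b"sect0r", 1)
    id_changed = content_id(altered) != cdf["content_id"]
    store.blobs[cdf["content_id"]] = altered      # simulate a media-level change
    try:
        store.get(cdf)
        caught = False
    except ValueError:
        caught = True
    return id_changed, caught


def demo_blocks():
    """A second backup after a one-block edit writes a single new block."""
    store = BlockStore()
    document = b"".join(bytes([65 + i]) * 4096 for i in range(10))
    _, first = store.backup(document)
    edited = bytearray(document)
    edited[3 * 4096 + 10:3 * 4096 + 15] = b"EDIT!"
    recipe, second = store.backup(bytes(edited))
    return first, second, store.restore(recipe) == bytes(edited)
```

The integrity check in `get` only holds if the descriptor records are themselves protected from modification, since the recorded ID is the sole reference value.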


HIGH-SECURITY EVIDENCE AND BACKUP SYSTEM 


The Task Force's evidence system routes forensic disk image evidence 
gathered at detective workstations over a Gigabit Ethernet LAN to a
Linux-based evidence server cluster. The system stores images in 
electronic file folders along with reports and other case files. Special 
software on the storage switch server cluster makes calls to the Centera 
API to allow daily backups of local office server and evidence server data 
to the Centera device. Centera’s CDF technology lets the system store 
each unique file just once, making backups more efficient by eliminating 
Detectives permanently archive evidence server data on Centera as 
they close each case. Centera’s ability to create a unique content ID with 
a time and date stamp for each stored object creates the secure audit trail 


[Diagram labels: Evidence images and CDFs; Backup files and CDFs; Task Force office Windows 2000 servers; office network backup connection]
Missing PKI Root Key
Causes a Panic Attack


A potentially compromised root key threat- 
ens to undermine the entire corporate 
public-key infrastructure. By Vince Tuesday 


MY COMPANY has a formal process to deal with staffers who are
leaving our company. It helps us close accounts quickly and deal
with complicated situations like firings. We don’t want someone
to find out from our team that he’s lost his job, rather than
from human resources or his manager. So we must follow a
complicated series of steps. Recently, we had a misstep.

In our process, the PC support group disables network and e-mail
accounts, other teams disallow access to the appropriate accounts
on their systems, and finance ceases mobile phone and
remote-access service and recovers hardware from the employees.

I'd always felt we were do- 
ing well at balancing the need 
to act quickly with the need to 
protect the feelings and con- 
fidentiality of departing em- 
ployees. Then I was called and 
told that someone who had 
left a month ago, let’s call him 
“Nick,” had logged into a criti- 
cal server and that important 
files were missing. 

A junior staff member, 
whom I’ll call “Bob,” had taken 
over Nick’s work and couldn’t 
find the test root key when he 
tried to issue test private keys 
for our customers. While 
searching on the server that 
held these files, he discovered 
that someone had logged in 
using Nick’s account and 
deleted it. 

In a public-key infrastructure (PKI), everything boils down to
the root key. If you have the root key, you can issue your own
keys for any part of the system and pretend to be whomever you
like. Without our root key, we could issue no new keys and would
have to rebuild our PKI from scratch — a daunting prospect.


Alarming Activity 

At first, I wasn’t too worried, since this was just the test
system. I had Bob disconnect the machine from the network and
give me the IP address the connections were coming from. I then
asked the network team to trace it. The address fell within a
range we allocate for remote access, and it could have come only
from Nick’s house. It turns out that Nick’s Windows account had
been properly closed, but the telephone company hadn’t shut down
his line, and his Unix account was still active.

Even more alarming were the initial reports from the analysis of
the disconnected machine. Unix stores a history of previous
commands users have run, and it showed that Nick’s account had
conducted a vast cleanup operation. The contents of directory
after directory had been listed and then deleted.

This could be a sign of nor- 
mal tidying up — or of a not- 
very-skilled malicious user. 
Unix writes the history file to 
disk when you disconnect. If 
you want to get rid of it, you 
have to connect again, delete 
the history and leave once 
more. Otherwise, like Nick, 
you leave the entire set of 
commands issued in the ses- 
sion. With the full history, we 
could see he had visited the 
directories with the keys in 
them but hadn’t copied or 
opened any of the files before 
deleting them. 
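The kind of history review described above can be sketched as follows; this is an added Python example, not a tool from the column. It replays a history file while tracking the working directory and labels each command that touches a sensitive directory. The paths, the sample history and the command lists are constructed assumptions.

```python
import posixpath
import re
import shlex

# Command names grouped by what they do to a file (a deliberately small list).
ACTIONS = {
    "list": {"ls", "find", "du", "file"},
    "delete": {"rm", "rmdir", "unlink"},
    "read": {"cat", "more", "less", "head", "tail", "strings", "od", "vi"},
    "copy": {"cp", "mv", "scp", "rcp", "tar", "cpio", "dd", "uuencode"},
}
EXPOSING = {"read", "copy", "other"}     # anything that may reveal file contents

# Constructed sample: hypothetical paths, shaped like the cleanup in the column.
HOME = "/export/home/nick"
SENSITIVE = ["/export/pki"]
SAMPLE = """\
cd /export/home/nick/projects
ls -l
rm -rf old_builds
cd /export/pki/test
ls -l
rm -f *
cd ..
ls
rm -rf scratch
exit
""".splitlines()


def _inside(path, sensitive_dirs):
    return any(path == d or path.startswith(d.rstrip("/") + "/")
               for d in sensitive_dirs)


def triage(history_lines, home, sensitive_dirs):
    """Replay a history file, tracking the working directory, and return
    [(line_no, action, command)] for commands that touch a sensitive dir."""
    cwd, findings = home, []
    for line_no, raw in enumerate(history_lines, 1):
        # Split "a; b | c" into simple commands so each is judged on its own.
        for simple in re.split(r"\s*(?:;|&&|\|\||\|)\s*", raw.strip()):
            try:
                argv = shlex.split(simple)
            except ValueError:            # unbalanced quotes: fall back
                argv = simple.split()
            if not argv:
                continue
            cmd = posixpath.basename(argv[0])
            args = [a for a in argv[1:] if not a.startswith("-")]
            if cmd == "cd":
                target = args[0] if args else home
                cwd = posixpath.normpath(posixpath.join(cwd, target))
                if _inside(cwd, sensitive_dirs):
                    findings.append((line_no, "visit", simple))
                continue
            if args:                      # relative paths resolve against cwd
                paths = [posixpath.normpath(posixpath.join(cwd, a)) for a in args]
            elif cmd in ACTIONS["list"]:  # a bare "ls" lists the current directory
                paths = [cwd]
            else:
                continue
            if not any(_inside(p, sensitive_dirs) for p in paths):
                continue
            # Unknown commands are labelled "other" and flagged conservatively.
            action = next((name for name, cmds in ACTIONS.items() if cmd in cmds),
                          "other")
            findings.append((line_no, action, simple))
    return findings


def needs_review(findings):
    """True if any command could have read or copied sensitive file contents."""
    return any(action in EXPOSING for _, action, _ in findings)
```

Shell history is written by the user's own session, so a clean result is a triage signal to corroborate with system-level audit records and backups.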

The root key was safe, because Nick hadn't looked at the
contents. But could it be recovered so that new test keys could
be issued? Or would we have to make a new one and reissue the
entire test environment trust infrastructure?

Normally, we would use a 
disk utility to recover the files, 
but with so many files deleted 
at the same time, tracking 
down the ones we needed 
wouldn’t be easy. Then Bob 
pointed out that the important 
files, including the root key, 
had been copied to a Windows 
NT shared drive. 


Share Scare 


Meanwhile, I made an angry 
call to the telephone company 
and chased down the heads of 
the systems operations group, 
which quickly plugged the 
holes and corrected the proc- 
ess. It seemed that Nick had 
merely meant to clear up his 
files and free up disk space. No 
harm had been done. Or had it? 
Bob connected to the NT 
share, one of our company- 
wide temporary file-sharing 
spaces that’s open to all users. 







He navigated to the directo- 
ry used by his team, then went 
to the section for the test keys, 
in a folder called Test. But 
what was the folder next to it, 
called Live? 

My heart missed a beat. The 
keys to our live system are 
produced under total care and 
close supervision, processed 
on machines not connected to 
external networks and careful- 
ly encrypted whenever they 
are transferred to backups. 

I pictured the result of them 
lying around on a wide-open 
NT share available to thou-
sands of staffers. We would
have to shut down our key sys-
tems, investigate all access to 
confirm it was legitimate and 
notify all users. The humilia- 
tion and ridicule from our cus- 
tomers and competitors would 
be huge. “Live?” I asked in a 
nervous tone. 

“Don’t worry,” Bob said. 
“Someone just added the di- 
rectory to keep the structure 
consistent with all our others. 
We always have a Live and 
Test. Look, it’s empty — al- 
ways has been.” 

I checked the backup logs to 
confirm that Bob was correct 
before letting out a long sigh 
of relief. By concentrating all 
the trust and security of the 
system into a few small files, 
PKI does limit what you have 
to protect and makes it easier 
to focus your efforts. But PKI’s 
root key also makes it easier 
for things to go horribly 
wrong, as my experience 
shows.


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at
vince.tuesday@hushmail.com, or join the
discussion in our forum:


QuickLink a1590


To find a complete archive of our
Security Manager's Journals, go online to
computerworld.com/secjournal
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ner, a guiding 

light in the Honeynet Project, 
has produced a masterful 
summary of the current state 
of the art for “honeypots” - 
security systems whose value 
lies in their being probed, at- 
tacked or compromised. By 
distracting hackers from real 
targets and capturing their 
tactics, honeypots help make 
networks more secure. 

Spitzner takes the reader 
on a tour of the history of hon-
eypots, reviews the six major 
commercial and freeware 
products and outlines the 
steps involved in setting up a 
honeypot. He also includes a 
chapter covering the current 
legal status of this approach 
to security. 

The book includes an ex- 
tensive CD-ROM with back- 
ground reading and many of 
the software tools Spitzner 
discusses. 

The writing style is a bit 
stilted and repetitive, but as a 
resource on honeypots, this 
book is a must-have. 

- Vince Tuesday 


A Better Browser 


Antivirus software intercepts 
and scans e-mail file attach- 
ments at the point of entry, 
but files downloaded using a 
browser aren’t scanned until 
after they're saved. 

Secure IE, an Internet 
Explorer add-on from Boston- 
based Winferno Software, 
blocks access to those files 
until they've been scanned. It 
also makes defining security 
zones easier and can block 
ActiveX, Flash and pop-up 
windows. Pricing starts at 
$29.95 per seat; volume pric- 
ing of $15 to $20 per seat is 
available. 





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Media Exchange 
Appliance Debuts 


Zultys Technologies in Sunnyvale, 
Calif., last week announced the 
MX1200, a media exchange ap- 
pliance for integrating voice over 
IP, data, video and fax with one 
software interface. It runs on the 
Linux operating system using 
standard protocols such as the 
Session Initiation Protocol, Voice 
XML and the Telephony Applica- 
tion Programming Interface. 

The MX1200 scales from 25 to 
1,200 users, and prices range 
from $20,000 to $212,000, de- 
pending on the number of users. 


Microsoft Updates
MOM 2000


Microsoft Corp. has announced 
enhancements to its Microsoft 
Operations Manager (MOM) 
2000 software, which helps 
companies manage Windows en- 
vironments. The enhancements 
include about 30 management 
pack updates with application- 
specific information for common 
Microsoft server scenarios; 
Service Pack 1 with globalization 
capabilities; and support for clus-
tering the MOM database, a MOM
Resource Kit to help users im-
prove efficiency and an updated 
software development kit. 


Compuware Offers 
Vantage 8.5 


Compuware Corp. in Farmington 
Hills, Mich., released an instant 
reporting upgrade to its Vantage
application performance manage-
ment line. Version 8.5 will include
a Web-based user interface to
manage an entire enterprise from
a single console, allowing views
into clients, servers and network 
nodes and links. 

The new reporting tool allows 
IT staff to combine in-depth sys- 
tem-performance data with infor- 
mation about the end user’s ex- 
perience and then immediately 
publish an integrated report that 
can be distributed via e-mail or to 
other Web sites. Pricing for Van- 
tage 8.5 starts at $19,000. 
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ust Pin It on 
Microsoft 


MICROSOFT HAS BECOME the compa-
ny that the computer industry loves to 
hate. It’s downright fashionable these 
days to blame everything on the “con- 
victed monopolist.” But that attitude 
also serves as a convenient vendor smoke screen that 


distracts the industry from 
more important issues — 
such as building good prod- 
ucts, listening to the cus- 
tomer and developing new 
technologies. 

Is Microsoft truly re- 
sponsible for everyone’s 
failures in this industry? To 
listen to its competitors, 
one might think so. 

Vendors that can’t com- 
pete have always needed 
someone to blame, some- 
one to sue. Why not Micro- 
soft? What other reason could explain 
why competitors’ “technically superi- 
or” products fail to catch on? How 
about this: Many vendors are so cock- 
sure that they know what’s best for 
corporate IT that they fail to listen to
what IT managers really want. Instead,
they try to force-feed managers tech-
nologies they don’t need. Microsoft 
has no monopoly on arrogance. 

If there’s one thing Microsoft is 
good at, though, it’s listening to the 
customer. In fact, one could argue that 
the problems technologists hated most 
in Windows 9x — poor security and a 
lack of reliability — are a direct result 
of listening too closely to end users, 
who were demanding ease of use and 
ever more features. With its stated re- 
liability and security initiatives, Mi- 
crosoft now has a laser focus on the 
needs of corporate IT, and the ship is 
slowly turning. The lawyers are ready. 

Few companies have been vilified to 
the extent that Microsoft has. Even 
cigarette maker Philip Morris (now
Altria Group Inc.) gets
more respect these days. 
In online forums, a sub- 
culture of hate has arisen 
where Microsoft has been 
accused of everything 
short of building weapons 
of mass destruction. And 
those who view alternative 
technologies as a personal 
religion see Microsoft as a 
threat to their very exis- 
tence. The Great Satan 
must be toppled. 

Far removed from these 
arguments sit most corporate IT man- 
agers, who don’t care about intrigue. 
They want products that make good 
business sense. Products like Micro- 
soft’s Exchange, SQL Server and Sys- 
tems Management Server aren’t gain- 
ing ground in corporate America be- 
cause they’re being forced on IT. 
They’re getting in because they have 
features IT has been requesting. 

And the idea that Microsoft’s prod- 
ucts are inferior is bunk. If you don’t 
believe that, ask a corporate program- 
mer who has worked with Visual Stu- 
dio .Net and the .Net Framework. Or 
an Exchange 2000 administrator. Or 
early users of Windows Server 2003. 

In most cases, Microsoft has consis- 
tently churned out technically solid 
products. Are they category leaders? 
Often not. Do they have weaknesses? 
You bet. But in corporate IT, where 
slow and steady is the name of the 
game, a good-enough product with en- 
terprise-class support will do just fine. 

It’s well known that Microsoft can
spend huge sums to establish itself in a
new business. It’s true that the compa- 
ny leverages its hegemony in desktop 
and departmental server software to 
gain footholds in new markets. But its 
dominance beyond software is over- 
rated. Microsoft ranked 72nd on the 
Fortune 500 list last year. Its revenue, 
at $28 billion, is about one-third that of 
IBM, which is just as aggressive and 
customer-focused — and is pushing a 
Linux strategy that actively competes 
against the Windows franchise. 

Microsoft isn’t invulnerable. It’s still 
protecting a proprietary Windows ar- 
chitecture in a world that increasingly 
demands open systems. Key business- 
es outside of Windows and Microsoft 
Office, from MSN and Xbox to cell 
phones and set-top boxes, lost money 
to the tune of $1 billion last year. And 
with the market for its Windows fran- 
chise maturing, Microsoft tacitly ac- 
knowledged that it’s unlikely to grow 
as it once did by declaring a modest 
shareholder dividend in January — an 
event that rocked the industry. 

This is the Evil Empire that’s re- 
sponsible for all of our problems? I 
don’t see it. Yes, Microsoft can be a 
ruthless competitor. Yes, the govern- 
ment declared that the company
abused its monopoly power in the op-
erating systems market and used that
advantage to drive competitors out of 
key markets. But the biggest complain- 
ers aren’t the small guys who got 
squashed by the Microsoft elephant. 
It’s the other big boys in the herd who 
often bang the drums hardest. Those 
vendors should take responsibility for 
their own competitive missteps and 
keep the focus on the customer, where 
it belongs.


DO YOU AGREE? 


Post your thoughts and read what others have to say, in 
our online discussion forum: 


QuickLink a2850 
www.computerworld.com 

“Too often people think they have to create Fort
Knox. If you’re in the nuclear power business,
you’re right at the top. But if you’re in baked goods,
nobody’s looking to knock off the Keebler elf.”

- Jay M. Williams, senior vice president and chief technology
officer at The Concours Group. Page 37


Perk Watch:
BMWs Are Out, Bowling Is In
Companies are doing their best to keep
IT talent. A wonderful boss, good career
growth opportunities and the prospect of
fun are key to luring pros for the long term,
says Cognos CIO Rob Collins (left). Page 38


STEAL THIS IDEA


Sorina ie Right Person
At the Right Time

Dow Chemical reduced its hiring cycle
time across 900 offices in 65 countries
by consolidating its efforts through an
application service provider. Page 40
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When Judith Franklin was charged with dramatically improving customer service in Minne- 
sota’s Driver and Vehicle Services division, she emphasized delivering functionality fast. 
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Minnesota's 
solution may 
have been 
cheap and 
inelegant, but it 
works just fine. 
By Connie 
Winkler 

Sins Wienegeaedte 

shape up Minnesota’s gov-
ernment, the state’s Driver
and Vehicle Services (DVS)
division was taking as long
as four months to renew a driver’s
license or issue car registrations and
license plates. Complaining was use-
less because the 30-person call center
couldn’t answer the 1.5 million calls
it received annually. The system was
a joke. 

“Courts would tell citizens to call 
DVS to find out when their driver’s li- 
cense was reinstated, for example, and 
citizens would just laugh because they 
knew it was impossible to get through
on the phones,” recalls Judith Franklin,
manager of enterprise technology sup-
port for DVS and the person 
charged with untangling the mess. 

Or, more dangerously, police 
would stop drivers on the roads 
and have no way of knowing for 
sure whether a license was suspended 
or had been reinstated as motorists 
claimed. 

As part of the totally paper-based 
system, various forms for licenses and 
registrations piled up at DVS in St. Paul
and across an assortment of third-party
companies that the state contracts to
process DVS paperwork. Consequent-
ly, the information was keyed by about
30 data entry workers into an archaic,
1970s vintage mainframe database sys-
tem known as Supra from Cincom Sys-
tems Inc. in Cincinnati. To generate 
and decipher reports from the data, 
DVS users needed dot-matrix printers, 
Cobol programmers and highlighter 
pens. The system was a mess. 

That was three years ago. Today, citi- 
zens receive renewed driver's licenses 
in three to seven days by applying ei- 
ther via the Internet or at one of the 
hundreds of third-party driver’s license 
contractor sites, the majority of which 
are connected via a sister Web system. 

In the courts, 1,200 judges get imme- 
diate access to driving records, and po- 
lice are beginning to download driver’s 
license photos to car computers to aid in 
their work. Back in St. Paul, DVS opera- 
tions and budgets are being revamped, 
and, as a result, the more than two- 
dozen data entry workers — many of 
whom were hired 20 to 30 years ago — 
are now asking what their new jobs are 
going to be. According to DVS, they’re 
being reassigned to other jobs at a sav- 
ings to DVS of about $72,000 a month. 

But getting here wasn’t easy. 


Under New Management


“Our new management is very much
into managing us as a business,” says
Franklin. “We needed to have a tech- 
nology infrastructure that supported 
the business practices we wanted to 
change.” 

DVS chose Verastream Host Integra- 
tor software from Seattle-based soft- 
ware vendor WRQ Inc. and com- 
modity servers running a Mi- 
crosoft SQL Server database as a 
cost-effective solution. This in- 
termediary server-based tier 
uses component technology to extract 
the valuable business-logic nuggets 
from the old code residing on the 
mainframe and to link the new Web- 
enabled front end to the green screens 
and IBM S/390 back end, which is still 
running under CICS in the state’s De- 
partment of Administration (see dia- 
gram, next page). 

As so many state governments now 
face huge budget shortfalls, this front- 

Continued on page 36 
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Continued from page 35 

end approach is “fairly common be- 
cause there are so many state back-end 
systems that require a complete over- 
haul,” says Thom Rubel, program di- 
rector for IT at the National Governors 
Association in Washington. “Most 
states are trying to do it this way be- 
cause redesigning everything is too ex- 
pensive. They’re trying to create open 
architectures so they can create sys- 
tems that don’t require wholesale 
change on the back end.” 

A bonus for states is that adding self- 
service capabilities frees up employees 
for other jobs. “There are efficiencies 
to be gained, and many states are try- 
ing to identify still-manual processes 
that don’t need to be there,” says 
Rubel. “States don’t always get rid of 
people, but they redeploy them to 
functions they haven’t been able to do 
for lack of people funding.” 


Avoiding Back-End Overhauls 


For Franklin, who was brought in to
give DVS its own computing capability,
make the agency more accountable
and dramatically improve customer 
service, redesigning the mainframe 
system wasn’t an option. 

“I’ve talked with other states which
dropped such projects after two years 
because they bit off too much in want- 
ing to change the whole back end,” she 
says. “They spent multiple millions of 
dollars, but after several years, they 
dropped the project. ... Everyone had 
lost interest because there was no de- 
liverable.” Ultimately, Franklin adds, 
DVS wants a new back-end database, 
but that’s a long-term project. 

For now, Franklin emphasizes deliv- 
ering functionality fast. “You have to go 
ahead and make some moves. You can't 
wait until you've designed everything 
— the business will have changed in 
the two years it took you to redo every- 
thing,” she says. 

Because the Supra system was a 
closed, proprietary product with little 
application documentation, there was
no way to hook in application pro-
gramming interfaces or other connec- 
tions used by current technologies. “If 
it had been IBM’s DB2 or Oracle’s 
database, there would have been all 
sorts of tools we could use,” she ex- 
plains. The other issue: Franklin had 
only three programmers, none of 
whom had worked with Web systems 
or databases before. 

Franklin turned to WRQ, with which
she had worked in the past, to connect 
sundry desktop systems to main- 
frames. Verastream was installed in 
September 2001, and by November the 
small team had the driver’s license re- 
newal process online. The initial Vera- 
stream software and server hardware 
cost about $25,000, but the system is 
now up to five servers, representing an 
investment of about $100,000. 

Many systems designers today may 
find such a solution inelegant. But it 
reflects the wider reality that employ- 
ees, partners and customers want ac- 
cess to information on demand. They 
don’t want to wait months or years to 
get the capability. Yet, existing legacy 
systems weren't designed for such 
flexibility, and IT budgets are tight. 
That leaves many IT managers trapped 
between legacy systems and the “ex- 
pectations of the Web generation,” 
notes WRQ President Shaun Wolfe. 

Another big plus for DVS is that 
Verastream’s component technology 
allowed DVS to reuse chunks of code 
containing the business logic for a spe- 
cific application, such as computing the 
tax on a car based on its age. 

“I didn’t want to rewrite all that; if 
it’s already written, why can’t I reuse it 
and Web-enable it?” says Franklin, who 
in previous jobs re-engineered main- 
frame-based systems for 3M Co., the 
Carlson School of Management at the 
University of Minnesota, and St. Paul’s 
schools. 

Verastream also includes data audit- 
ing tools, which enable DVS to collect,
store and manage new information
from the Web transactions. Also, be-
cause Verastream uses models to build
applications, those models can be re-
used as needed. Internal users appreci-
ate that new applications are turned
around in one to two months and that
they perform consistently, Franklin says. 





Improved Access
Currently at www.mndriveinfo.org, citi- 
zens can renew their licenses or plate 
registrations, change their addresses, 
check car tax information and ascer- 
tain their driver’s license status. 

Fast Functionality on the Cheap

At www.dps.state.mn.us/esupport,
the state’s hundreds of judicial and law
enforcement agents and business part-
ners, such as car dealers and private li- 
cense-processing businesses, can get 
password access to conduct their busi- 
ness. Courts and the police can read 
and update driver’s license records. 
The business partners can renew or 
duplicate driver’s licenses, schedule 
driver exams and renew registrations. 
Some pilot sites are even issuing dupli- 
cate titles. These private agents now 
conduct more than 50% of vehicle re- 
newals and 10% of driver’s license re- 
newals online. 

At these third-party business sites, 
distributing the data entry via the Web 
to where the citizen is submitting the 
application dramatically improves ac- 
curacy. If the eye exam is missing from 
the application, the processing stops,
rather than the error being caught three
weeks later in St. Paul. Such errors
would require that the third party chase
down the citizen for a re-exam, which
is just one of the horror stories from
the previous process, Franklin reports.

Indeed, reworking the DVS systems 
to serve citizens has shaken out many 
rat’s nests and inequities. Currently, 
private companies are able to buy the 
state’s DVS information — at no profit 
to the state — and resell it back to the 
citizens. Now, says Franklin, “our goal
is to distribute the information to the
citizens whose information it is,” even-
tually eliminating the middleman com-
panies that now sell it back to citizens 
for a fee. 

In 2002, Ventura didn’t seek re- 
election as governor, but the account- 
ability gauntlet he threw down to state 
agencies remains. His successor, Re- 
publican Tim Pawlenty, has already 
asked the DVS, “How are you going to 
integrate this with the rest of the 
state?” Franklin is talking with Min- 
nesota’s Department of Finance and 
the Bureau of Criminal Apprehension. 

Minnesota’s experience is mirrored 
across the nation. States have been the 
last holdouts for the hierarchical main- 
frame-based systems of the 1960s and 
1970s, says the National Governors 
Association’s Rubel. That situation has 
endured because of constitutional and 
statutory requirements, but the org- 
anization’s best-practices group is see- 
ing a surge in new systems-migration 
strategies. 

“States are ideally headed toward the
practice of ‘capture the data once and
use it many times,’ so that citizens and
businesses aren't constantly re-enter-
ing data,” says Rubel. “But you can still
find some strange things out there.”





Winkler, a former New York bureau chief
for Computerworld, writes about tech-
nology management from Seattle. Con-
tact her at winklerconnie@yahoo.com. 
How to Do an IT
Security Audit


Understanding your business will focus
your efforts. By Kathleen Melymuka


IF YOU’RE THE IT MANAGER at a
small to midsize business, it’s 
only a matter of time until you’re 
asked to do an IT security audit. 
Even in a larger company, if secu- 
rity is decentralized, you may be 
the go-to guy in IT. You’re neither a se- 
curity expert nor an auditor, and re- 
sources are tight. How will 
you begin and where will you 
go from there? 
■ First, don’t panic. “People
sell themselves short,” says Jay M.
Williams, senior vice president and
chief technology officer at The Con-
cours Group, an IT consulting firm in
Kingwood, Texas. “For the most part,
security is common sense.”

■ Join a security research organization
such as the Information Security Fo-
rum, says RA Vernon, chief security of-
ficer at Reuters America Inc. in New
York. “You'll find a group of individu-
als willing to talk about security issues,
share experiences and add some value
to any process you may try to imple-
ment,” he says. They can direct you to
software, methodologies and other re-
sources to help you tackle the job.

■ Consult with your business executives
to be sure you understand which as-
pects of your business are most vul-
nerable to security threats.

■ Consider your industry. “Too often
people think they have to create Fort
Knox,” Williams says, but in reality,
few companies have extremely tight
data security requirements. “If you’re
in the nuclear power business, you’re
right at the top,” he says. “But if you’re
in baked goods, nobody’s looking to
knock off the Keebler elf.”

■ Manage executive expectations.
“An IT audit program
will not happen overnight,”
says David Hoelzer, director of Global
Information Assurance Certification
and manager of the Advanced Systems
Audit track of the SANS Institute, a co-
operative security research and educa-
tion organization in Bethesda, Md. De-
pending on the size of the organiza-
tion, it will take at least several weeks,
he says. “Prepare management for the
work that will be required of them to
assist you,” he adds, because they’ll
need to help correct any faulty policies
and practices that are uncovered.

■ Map it out. Work with technology
and business analysts to draw a high-
level schematic of the vulnerable inter-
sections of technology and business,
Vernon suggests.

■ Consider security tools. There is
software that can scan your network
and produce a list of areas of exposure.
There are also tested methodologies
such as OCTAVE from the CERT Co-
ordination Center at Carnegie Mellon
University in Pittsburgh that help you
build a security program to industry
standards. Your colleagues in the se-
curity group can help you find the
most useful tools for your company’s
needs. “They take the best practices
and roll them up into a product that
the IT manager can plug in,” Vernon
says. “It may not be all you need, but it
will be a far cry from where you cur-
rently are.”

But don’t go tool-happy. “To secure
every server and app is not going to
have any ROI,” says Rick Allen, princi-
pal at E-Security Assurance Services in
Santa Rosa, Calif. “The level of control
has to equal the level of risk. You don’t
want to put a $500 security tool on an
asset worth $50.”

■ Prioritize. “All vulnerabilities are not
created equal,” says Larry Rogers, se-
nior member of the technical staff at
CERT. “Some fixes are worth the time
spent, and some are not.” Identify criti-
cal information assets by figuring out
which could put the company out of
business if they were compromised or
damaged, says Hoelzer.

■ Focus on internal controls. “A Fort
Knox firewall in front of your server
won't help if someone can still impact
that information due to lack of internal
controls,” says Allen. The five basic in-
ternal security controls are authoriza-
tion, identification of users and sys-
tems, authentication, integrity (includ-
ing backups, checks and balances on
data) and monitoring.


IT Security Resources


CERT Coordination Center
www.cert.org
■ A center of Internet security exper-
tise at the Software Engineering Insti-
tute, a federally funded research and
development center operated by
Carnegie Mellon University. Informa-
tion and training on protecting your
system, reacting to current problems
and predicting future problems.

SANS Institute
www.sans.org
■ Research, education and training
on IT security issues.

Center for Internet Security
www.cisecurity.org
■ Methods and tools to improve, measure,
monitor and compare the security status of
Internet-connected systems and appliances.

Internet Security Alliance
www.isalliance.org
■ A forum for sharing information
on security issues.

Information Security Forum
www.securityforum.org
■ An international corporate membership
organization whose members share informa-
tion about security issues.

■ Check that you have reasonable security
policies and procedures in place, says Bar-
bara Buechner, formerly senior manag-
er for information security at Merck-
Medco Managed Care LLC in Franklin
Lakes, N.J., and now on the staff at the
Technology Managers Forum in New
York. Then make sure that your com-
pany’s reality matches what you have
on paper.

■ Write it up. “Address the areas that
have been acknowledged as vulnerabil-
ities and put together some documen-
tation as to how you're going to miti-
gate,” Vernon says. Include all the key
issues and costs associated with miti-
gation. “Some vulnerabilities may be
accepted by the business because miti-
gation is too costly,” he says. “That’s a
business decision.”

■ Stay real. A focused 25-page report
with clear action items will accomplish
much more than a 1,000-page report
that will exhaust everyone’s commit-
ment and end up on a shelf, Allen says.

■ Consider a pro. For companies with
complex security needs, such as a legal
obligation to protect customer or pa-
tient privacy, it probably makes sense
to contract an IT security firm. “Many
items that would be obvious to a secu-
rity professional may be overlooked by
a day-to-day administrator,” says Tom
Watson, project lead for information
security at Bayer Corp. Pharmaceutical
Division in West Haven, Conn. An out-
side firm can perform the audit, estab-
lish compliance guidelines and help to
create security documentation or sim-
ply validate that you did your risk as-
sessment correctly and haven’t missed
anything.

Remember that security is a com-
plex and continuing challenge, and pe-
riodic audits are a must. “It’s never the
end of the story,” Vernon says. “Securi-
ty is an ongoing saga.”





Melymuka is a Computerworld 
contributing writer. Contact her at 
kmelymuka@earthlink.net. 


ASKING THE RIGHT QUESTIONS 


Go to our Web site for a detailed questionnaire that 
experts use to assess internal security controls: 


QuickLink 35763 





More this issue: Read more about security in this
week's Security Manager's Journal on page 32.
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BMWs Are Out, 
Bowling Is In 


Companies are doing their best to 
keep IT talent. 


A ROSE FINALLY DID IT.

Competing IT services firms in 
Michigan had been doing everything 
they could to move in on The Epitec 
Group Inc.’s growing IT services busi- 
ness. Underbidding on IT staffing con- 
tracts. Wining and dining corporate 
accounts. Even making plays for the
company’s IT talent. 

So when Holly Maguire, manager of 
employee relations and “maestro of 
corporate harmony,” discovered that 
every one of Southfield, Mich.-based 
Epitec’s programmers and consultants 
had been presented a single rose and 
offered a free lunch by a competing IT 
services recruiter, she was forced to act. 

After making several phone calls to 
the competing firms’ management — 
in effect, telling them to cease and de- 
sist — Maguire met several rose recipi- 
ents for lunch to chat about their jobs 
and future prospects at Epitec. 

The lesson: It’s critical to stay in 
touch and keep key IT talent happy. 

Maguire acknowledges that belt- 
tightening has made it tough to find 
new ways to keep personnel content 
without breaking the bank. “We’ve 
never offered enormous monetary 
bonuses, but we do try hard to keep 
our IT professionals happy,” she says. 
The company uses fairly inexpensive 
employee appreciation initiatives. 

Other businesses are working harder 
to keep communication lines open, de- 
livering straight talk about corporate 
performance to help IT employees un- 
derstand, first, how well or poorly the 
company is performing and, second, 
the impact of their contributions on 
the business. 







For example, Cognos Inc., a busi- 
ness intelligence software company in 
Ottawa, recently staged a few in-house 
events during which a marketing exec- 
utive spoke to the IT department to 
describe how recent networking and 
software improvements had radically 
improved productivity for marketing 
executives in Australia. 

Another senior executive talked 
about how an upcoming upgrade of 
Cognos’ database to Oracle11i will dramatically
improve shipping and distribution
processes within the company.

The reason for the communication? 
After months of bad news about layoffs 
and other economic declines, “we 
wanted our employees to know we un- 
derstand they are working hard, and 
we appreciate their efforts,” says Rob 
Collins, CIO at Cognos. 

The significantly scaled-down 
bonuses, perks and incentives that 
budget-strapped companies have to 
offer these days are keeping IT workers
on board — for now. At Epitec, for
instance, an account representative
visits each IT
consultant once a month 
to talk about work or air 
grievances. The corporate 
newsletter lists employees 
recognized by peers for 
outstanding work. 

An “award patrol” deliv- 
ers special plaques and bal- 
loons to those who have 
earned praise on the job. 
The company hosts an em- 
ployee appreciation month 
featuring events like office- 
wide pizza lunches and 
family bowling nights once 
a week for four weeks. And IT staffers 
receive gifts for staying with the com- 
pany, such as a leather portfolio after 
three years and a watch at 10 years. 

In addition, while some companies 
have cut benefits such as matching 
401(k) contributions, Epitec actually 
added that benefit this year. 

Now the company boasts a 98% project
completion rate — which means
IT staff assigned to specific projects
either complete those projects or are
hired by the client again 98% of the 
time — a statistic that Epitec says is 
unrivaled in the IT services industry. 

Keeping IT talent on board is no 
longer solely about stock options and 
designer coffees. It’s important to pro- 
vide work/life balance, say analysts 
and recruiters. And it’s “even more 
critical to connect an IT professional's 
job to specific business goals to im- 
prove your chances of retaining top 
IT talent,” says Phyllis Klees, a partner 
at Deloitte & Touche LLP’s Human 
Capital Advisory Services practice 
in San Jose. 

At Cognos, the onus is on manage- 
ment to make IT personnel understand 
the importance of their contributions 
on the job, Collins says. And that’s not 
always easy to do. The lesson is that
“the length of an IT professional’s stay
at any company is most affected by
whether he or she has a wonderful boss,
good career growth opportunities
and whether he or she is
having fun,” Collins says.

Collins eschews a “culture of secrecy.”

He says many companies 
fail to retain employees 
“because they think when 
times are tough, we better 
shut up.” But he says that 
behavior is completely 
wrong. “If you hide infor- 
mation from employees, 
hideous things like Enron 
can emerge. A culture of 
secrecy is not in anyone’s 
best interest,” Collins says. 

Meanwhile, recruiters, human re- 
sources executives and CIOs say that al- 
though more IT professionals are avail- 
able for hire, finding workers with the 
right skill sets to meet the increasingly 
rigorous demands set by corporations is 
difficult. “There’s more talent to choose 
from, but it’s still challenging to find 
those with the experience and skills to 
meet our corporate clients’ growing 
list of requirements,” Maguire says. 

Analysts and recruiters also say 
some companies have taken advantage 
of the skills glut to vigorously upgrade 
their IT workforces — in many cases, 
they’re firing IT workers and hiring 
lower-cost but more-skilled people to 
replace them. And some who are still 
holding on to their jobs say having a 
job right now is compensation enough. 

But CIOs and other recruiting ex- 
perts worry that after months of lay- 
offs and corporate belt-tightening, 
there will likely be much turnover as 
the need for IT talent rises, creating a 
talent shortage all over again. 

The Information Technology Associ- 
ation of America (ITAA) in December 
reported that U.S. companies hired 
359,000 IT workers between October 
and December 2002 and dismissed 
211,000 IT employees, for a net gain of 
148,000 workers. The total number of 
U.S. IT workers stood at 10.1 million 
last month, compared with 9.9 million 
in January 2002, according to the ITAA. 

The bottom line: “Most IT profession- 
als are tired of hearing continuing 
news about layoffs at companies like 
General Electric and Motorola,” says 
Maria Schaffer, an analyst at Stamford, 
Conn.-based Meta Group Inc. “If com- 
panies continue to operate purely in a 
cost-cutting mode, as soon as the eco- 
nomic situation improves, the best performers
will leave.”





DePompa is a freelance writer and editor 
in Germantown, Md. Contact her at 
bdepompa@comcast.net. 
BY JULIA KING
DOW CHEMICAL CO. was used
to receiving literally thou- 
sands of résumés — via 
postal mail and e-mail — 
which would pile up and go 
ignored until a hiring man- 
ager was presented with a job requisi- 
tion for a chemist, database specialist, 
manufacturing manager or maybe a 
plant operator. Manually sifting 
through the résumés to find 
the people with the right skills 
for the job could take weeks 
or even months. Add to that 
another several weeks to con- 
tact the appropriate applicants, 
set up and conduct interviews, and re- 
view notes from those interviews, and 
a full financial quarter could pass be- 
fore a new employee was actually 
hired and working at the company 
back in early 2001. 

Today, Dow’s hiring cycle time is 
down from an average of 95 days to 30 
to 35 days. Its headhunter and other re- 
cruiting costs are down 25%, and it has 
cut its job advertising costs by 35%. 


THIS IDEA 


This is primarily the result of imple- 
menting an automated résumé-track- 
ing and worker-profile system hosted 
by RecruitSoft Inc., a San Francisco- 
based application service provider. 
The system has paid for itself within 
nine months of deployment and has 
earned a 6-to-1 return on investment
over the past two years, according to 
Jon Walker, Dow’s human resources 
global director. 


How It Works 


All job applications and ré- 
sumés generated by newspaper 
advertisements, Internet job 
boards and recruiter referrals 
are directed to Dow’s corporate Web 
site, where they are immediately funneled
into the RecruitSoft system. Dow
hiring managers who tap into the system’s
central repository can immediately
review résumés. They can also
create templates to ask applicants very 
specific questions in order to validate 
their experience and expertise. 

For example, for a European sales 
job opening, a template might include 
questions about the applicant’s pass- 
port status, ability to travel and lan- 
guage skills. 

“The faster you can talk to [appli- 
cants], the more you can share your 
goals and culture, and the faster you 
can make a match,” says Walker. 
“We're a science and technology com- 
pany, not just a chemical company, so 
we're trying to hire the same technolo- 
gy people as Intel or finance people as 
Merrill Lynch.” Even in a down econo- 
my, speed is critical to acquiring the 
best and the brightest talent, he notes. 

Even more useful is the system’s 
central repository, which now contains 
thousands of résumés against which 
Dow hiring managers can quickly com- 
pare incoming job requisitions. 

Walker tells the story of a young 
woman who was rejected for an audi- 
tor’s job in the office of the comptrol- 
ler. Later, a financial analyst position 
opened up in the company’s finance 
department. “But before they even
advertised the job, this woman’s profile
popped up against the requisition,
and they hired her on the spot. When
you hire someone before you even post
the job, it reduces your cycle time immensely,”
Walker says.

When you hire someone before you even post the job, it reduces your cycle time immensely.
JON WALKER, HUMAN RESOURCES GLOBAL DIRECTOR, DOW CHEMICAL CO.

“Before, when we had paper ré- 
sumés, we had no centralized way to 
do any kind of consistent workflow,” 
he says. “Now the deal is we have a 
system that doesn’t sleep.” 

The Web-based RecruitSoft system 
also allows Walker to create future em- 
ployee supply-and-demand scenarios 
by analyzing the experiences, skills 
and competencies contained in worker 
profiles stored in the central reposito- 
ry. “We're now able to track the right 
people,” he says. 

Looking ahead, Walker says he fore- 
sees Dow exchanging applicant profile 
information with other companies, ex- 
cluding Dow’s direct competitors. 

“Why not do this, especially if the 
company is a customer of ours?” he 
asks. “We could go from 100,000 pro- 
files to 1 million profiles to create a tal- 
ent pool and a network that works better
for everyone.”
ALEX ZOGHLIN,
chief technology
officer at Orbitz
LLC, will leave the
company in April
but plans to stay
on as a consultant.
Zoghlin recruited
his own team of 
developers and 
has positioned the 
travel reservations company with 
what he estimates is a 40% cost 
savings from its Linux platform. As 
a result, Orbitz is able to offer con- 
sumers an easy-to-use online book- 
ing tool with a wide range of travel 
choices. He spoke with Computer- 
world’s Jean Consilvio about some of 
his other accomplishments at Orbitz. 


Compared with an average of less 
than 24 months, three years as CTO 
is a long time. What made you stay? 
I had some specific personal goals;
I wanted to be part of developing the
best software development team.
There are key ingredients to starting
[and building] the best companies,
and one of them is people. . . . I wanted
to be part of a team that was going
to grow through one of those spurts.


How did you recruit your software 
team? Great developers want to work 
with great developers. . . . Our recruit- 
ment process is very painful. About 
one out of 100 applicants [is hired, 
and we have 50 to 60 developers 
now]. . . . I started with a few great
core developers and then told them
they needed to hire people better than
themselves. No matter where I look, I
see people greater and better than
those that hired them on. . . . That excellence
in people is not just in our
software team, it's also the CEO, CFO
and HR staff. They're great people
that took a long time to hire because
of the skill set, drive, desire, execution,
operational history [we look for].
I leave the company in great hands.


How do you see yourself as a leader? 
I see myself standing on the shoulders
of giants, mostly because of my hiring
style, hiring people better than me
and then getting out of the way. . . .
I spend a lot of time making sure bureaucracy
doesn't get in the way of
efficiency. And the end result is I end
up looking really good, because I let
the people I hire do their jobs.








JOHN BERRY 
ROI or Your
Money Back


THIS YEAR, we might witness the injection
of a powerful new dose of value into value-based
contracting. As vendors continue
to build their sales efforts around an
ROI narrative — and some will — their
customers are likely to be concerned about the profit
impact of IT investments, not just how long it takes the
vendor to return a help desk call.

At least a few companies are already infusing their IT 
investment decision-making with financial models to 
forecast expected returns. At the same time, more than 
a few vendors have begun to build their sales pitches 


around the ROI story. The 
emergence of these parallel 
agendas suggests that we 
will see more value-based 
contracting in the future. 
Deals will be struck in such 
a way as to reflect the cus- 
tomer’s keen desire to link 
some percentage of the IT 
vendor’s compensation to 
measurable financial out- 
comes. Should this forecast 
hold, the implications for 
the vendor/customer rela- 
tionship will be profound. 

These kinds of contrac- 
tual arrangements aren’t 
entirely new. In the broadest sense, 
value-based contracting means that 
some of a vendor’s compensation is at 
risk and dependent upon a customer 
achieving certain financially driven 
results from the IT investment. The 
ability to shift some of the cost burden 
and risks of an IT investment has been 
a powerful tool that customer compa- 
nies have used to design contracts for 
IT services, hardware and software. 
Under one value-based approach 
known as gain-sharing, vendor and 
buyer share in the quantifiable dollars
saved or generated from
the user’s IT project. In a 
shared risk/reward 
arrangement, the buyer 
and vendor share in the 
cost of the development 
of the project and in the 
subsequent spoils. 
Likewise, service-level 
agreements (SLA) have 
been constructed to ensure 
that predefined perfor- 
mance goals, such as sys- 
tem uptime and availabil- 
ity or tech support turn- 
around times, are met. If 
these guarantees aren’t 
met, the vendor reimburses the end 
user or pays a penalty. 

Now, how about a value-based con- 
tract with an SLA guaranteeing market 
share percentage increases, faster in- 
ventory turns, reductions in procure- 
ment errors or increases in sales per 
rep? The logic is simple: If vendors are 
determined to sell their products and 
services based on a metric-driven eco- 
nomic value message, then customers 
will expect them to earn part of their 
compensation based on these perfor- 
mance indicators. 


Is the day coming when the com- 
pany CFO cuts a check for a technol- 
ogy purchase only after the invest- 
ment reaches some threshold ROI or 
beats the expected payback period? 

If so, vendors are facing a more 
demanding marketplace in which the 
financial returns they peddle in their 
sales and marketing efforts become 
the foundation of rigorous financially 
driven SLAs. This puts their compen- 
sation at risk. 

The implications of this arrange- 
ment are equally profound for the cus- 
tomer. Metrics built into such SLAs 
will oblige the buyer to treat the ven- 
dor as a true business partner, perhaps 
for the first time. 

The prospective customer will be 
required to share sensitive business 
process data, its cost structures and 
perhaps its road map for future prod- 
uct or service innovation. Many com- 
panies shopping for IT resist sharing 
cost data, let alone the value drivers 
moving the organization. Given the 
kind of strategic, consultative role the 
vendor will inevitably find itself in as 
it negotiates the sales contract, there’s 
no avoiding the fact that buyer and 
seller will need to slow-dance through 
the process, not bang heads in the 
mosh pit, as uncomfortable as that 
dance might be. 

How can this new value-based rela- 
tionship flourish otherwise? If the 
prospect seeks an arrangement in 
which it pays for IT based upon ROI 
results but then refuses to reveal the 
unique levers that drive its profitabil- 
ity, how can an equitable contract be 
drafted? Vendors would likely feel 
as if the wool was being pulled over 
their eyes.
and maintain web-based application
software in a client/server
environment using C, C++, Visual
C++, Visual Basic, MFC, SDK
Win 32 API, COM/DCOM, ATL,
MS.NET Framework, OOAD/UML,
VC++.NET, C#, ASP.NET, MS
Access, VBA, XML, HTML,
DHTML, ASP, ADO, SQL Server,
Oracle, Active-X, Crystal Reports
and Rational Rose; Mentor junior
Programmers. Require: B.S. degree
in Computer Science, an
Engineering discipline, or a closely
related field with two years of
experience in the job offered or as
a Software Engineer/Consultant.
Extensive travel on assignments to
various client sites within the U.S.
is required. Competitive salary
offered. Apply by resume to: Shri
Gangal, President, Syspro
Technologies, Inc., 3091 Holcomb
Bridge Rd., Suite H-2, Norcross,
GA 30071; Attn: Job GG


Software Engineers needed 
Seeking candidates possessing 
MS/BS or equiv. and/or rel. work 
experience. Part of the req. rel 
work exp. must include 1 years 
working with Java, J2EE &
Servlets. Duties include:
Research, design and develop
internet/intranet based software
applications; build web architec- 
ture and provide technical sup- 
port to client websites. 
Experience with XML, JSP and 
Oracle a plus. Must be willing to 
travel & relocate. Mail res., & ref 
to: Aptare inc., 627 Peachtree 
Ct., Campbell, CA 95008. 


Various 
Openings 


We have openings for 
Design Specialist, Game 
Designer, Producer, 
Software Engineer and 
Programmer/Analyst. 
Los Angeles areas. Send 
resumes to 3100 Ocean 
Park Blvd., Santa
Monica, CA 90405 


Programmer Analysts needed

A leading governmental organi- 
zation has excellent career 
opportunities for qualified indi- 
viduals to join our IT team 
Candidates must possess a BS 
or equivalent in Engineering, 
MIS, Business, or related field 
Relevant experience may be 
substituted. Requires three or 
more years experience analyz- 
ing software requirements and 
performing software develop- 
ment in a client server environ- 
ment. Must be able to work with 
the following: Oracle Forms and 
Reports with PL/SQL program- 
ming, VB, ERWIN. Oracle 9i 
database knowledge with Oracle 
certification preferred. Some 
duties include database, design 
development and implementa- 
tion of custom applications. Mail 
resume and references to 
ATTN: HR Manager, 2910 East 
5th Street, Austin, TX 78702


Software Engineer. Develop, de- 
sign and modify applications soft- 
ware or specialized utility programs 
using PeopleSoft in the implemen- 
tation of Enterprise Resource 
Planning. Analyze user needs and 
develop and implement solutions to
meet business and operational 
needs within Human Resources. 
Design or customize software using 
PeopleSoft. Participate in system 
testing and problem resolution 
Requires: M.S. degree (or foreign 
equiv.) in Comp. Science, Eng. or 
related field. 3 yrs. exp. in the job 
offered or as Analyst or Program- 
mer. Exp., which may have been 
obtained concurrently, must include
3 yrs. exp. developing applications 
for Enterprise Resource Planning 
and 3 yrs. exp. using PeopleSoft 
EOE. 40 hrs./wk.; 8:00 a.m. to 5:00 
p.m. Send resume (no calls) to: 
Steven Herrmann, CTG, Inc., 52 
East Market Street, 3rd Floor
Corning, NY 14830-2709. 


Applications Consultants 
needed: Seeking qualified 
candidates possessing 
MS/BS or equiv. and/or rel
work exp. Part of the req. rel 
work exp. must include two 
years working with SAP 
Duties include: Research,
design and develop software 
applications; analyze soft- 
ware requirements and pro- 
vide technical support. Mail 
res., ref. and sal. req. to: e- 
Prosoftgroup, LLC, 5617 
Byrneland St., Madison, WI 
53711 


Software Engineer - Dev & 
dsgn comp software relat- 
ing to MS comp networks 
used in web development & 
e-commerce industry in S. 
& Latin America. BS in 
Comp Engineering, knowl- 
edge of MFC, MS.net 
Architecture, visual C++ 
VB, Java, Scripting and 
SQL databases reqd w/ 2 
yrs exp. Apply to Personnel, 
Emida Managed Systems, 
LLC, 2200 S. Dixie Hwy, 
#603, Miami, FL 33133. 


Software Engineers needed 
Seeking candidates possessing 
MS/BS or equiv. and/or rel. work 
experience. Part of the req. rel 
work exp. must include 1 year 
designing, implementing and 
Supporting multi-tier systems 
working with EJB technologies 
and RDMS. Duties include 
Analyze, design and develop 
technical workflow of projects 
and provide tech support to 
client websites and apps 
Experience with JSP/HTML/ 
DHTML, CSS & JavaScript a 
plus. Mail res., & ref. to: Guzman 
& Company, 1200 Brickell Ave. 
14th Floor, Miami, FL 33131 
Universal Business Consulting,
Inc has openings in Delaware &
nationwide for computer prof'ls
w/2 yrs of exp in the foll skills
VB, VBScript, Delphi, Java,
JavaScript, J2EE, JVMPI, JNI,
JDI, EJB, JBuilder, Visual Age
for Java, PB, C++, VC++,
COM/DCOM, SQL Server,
HTML/DHTML, Active X, Site
Server, IIS, ASP, JSP, Web
Logic, WebSphere, Visual
Source Safe, CORBA
(Visibroker), CodeWright, Kawa,
EDI, CGI/Perl, CSS, XML, XSL,
DSDM, TCP/IP, CML, COBOL-II,
VS-COBOL, IMS, DB2, CICS,
JCL, VSAM, TSO/ISPF, DB2
Stored Procedures, MQSeries,
Oracle, PL/SQL, Oracle Forms,
Oracle Reports, Oracle Appl's
Manufacturing, Fin'ls & Supply
Chain Mgmnt, Oracle 11i CRM
Appl's, OneWorld XE,
Sunsolaris Admin, Broadvision,
OLAP, Actuate Reporting, Bus
Objects, SAP, ABAP/4, Cognos
Impromptu, SOAP, UML, File
Aid, QMF, RogueWave, Novell
Netware, Win NT/2000, Unix &
Shell Scripting. Positions req
Bachs Deg or Mast Deg.
Equivalent deg & exp is accepted.
Send res
hrd@ubcincorp.com


COMSYS is an established IT 
consulting firm that serves lead- 
ing corporations including 174 
of the Fortune 500. With COM- 
SYS, you get: Extensive 
Benefits, Additional Compen- 
sation for referrals, and 
Professional Challenges with 
training and assignments to 
keep you at the forefront of 
technology. With 30 offices, we 
need the services of experi- 
enced consultants across the 
US


* Computer Programmers
* Programmer Analysts
* Systems Analyst
* Software Engineers
* User Support Specialists
* BA's
* Business Analysts
* Project Leaders


Submit resume to: 
COMSYS 
3030 LBJ Freeway 


972-960-0914 
EOE/M/F/OV 


Lead Software Engineer (2) 

Technical design/coding/funct 
design, rsch technol., lead fea- 
ture sub-teams, screen & pro- 
vide orient. to Soft. Eng., know!l- 
edge source for soft. develop. 
assist support org. by answer 
quest. & work on critical cust. 
issues Master's degree in 
Comp. Sc., Eng., or rel. field or 
bachelor's degree in same fields 
+ 5 years progr. exp. as Soft 
Developer, Soft. Eng or 
Programr/Analyst req'd. Must 
be proficient in Windows 
NT/2000/Delphi/MS SQL/Report
or Power Builder/COM/DCOM 
$83,073/yr - $85,550/yr, 40 
hrs/wk, OT as need. Send 
resume: D. Root, HR Director. 
Alogent, 4005 Windward Plaza. 
Alpharetta, GA 30005. 


Programmer Analysts 
needed. Seeking qual. 
cand. possessing BS or 
equiv. and/or relevant 
work exp. 1 year of the 
required relevant expe- 
rience must include 
working with J2EE, Unix 
& iPlanet. Mail resume 
& ref. to: iCompliance, 
Inc., 4955 Evergreen 
Valley Way, Alpharetta, 
GA 30022, ATTN: HR 


De La Rue Cash Systems is seeking
a Systems Team Leader for
Lisle, IL. Candidate will direct a
team of programmers who will
develop and maintain systems and
applications used to manufacture,
service and maintain: (1) teller cash
dispenser and currency counters
using pattern and magnetic counterfeit
detection methods, and (2)
high volume coin counter and counterfeit
rejection machines for use in
banks and financial institution. Will
direct programmers using Oracle
products operating in a UNIX environment
and manage Crystal
Enterprise operating on an IBM
AS/400 computer tc « manufacturing
lead times and delivery of
TCD and high volume coin and currency
counters to insure contracts
are completed as required. Will
direct team members to verify data
integrity and to maintain proper
data recovery and backup systems
and hardware failures. Will also
direct team members using Crystal
Reports and Crystal Enterprises to
provide various reports including
statistical data of service response
repair times. Please send resumes
to Information Technology Department,
705 South 12th Street
Watertown, WI 53094


SENIOR SOFTWARE ENGINEER 
to install, configure, maintain and 
troubleshoot UNIX servers under
SUN Solaris and AIX operating sys- 
tems using DNS, NIS, NFS, Veri- 
tas NetBackup and Tivoli 
Manager: Develop sp 
scripts to automate and monitor 
produc oper Ss using Shell
Install and configure software in- 
cluding Oracle, HACMP, IBM ESS 
SHARK, EMC SAN, RS SP2 
SUN Solaris E10000, Veritas 
Cluster, LANFREE backup, Oracle 
Financial, PeopleSoft, P690 Regat- 
ta er and Disaster rec y of 
SP2; Support Si Area Net- 
work and enterprise-ciass RAID 
arrays; Conc hardware 
and software au f UNIX ser 
vers for pliance with estab- 
lished standards, procedures and 
guration jelines; Monitor 
and tune system for opt per 
formance. Require: Bachelor's de- 
gree in Computer Science/Engin- 
eering, or a closely relat 
with five years of progre 
responsible experience in 
offered or as a Systems 


trator. Extensiv avel assign- 
ments to vario ent sites within 
the U.S. is required. Competitive 
salary offered. A ‘esume to: 
Ramona Moody, Lend Lease Real 
Estate Investments, 3424 Peach- 
tree Road, NE, Suite 800, Atlanta
GA 30326; Attn: Job SD. 


Data Warehouse Analyst 
- Min Edu - Bachelor's 
Degree or equi, Min 
Exp-Adequate industry 
experience. Job may 
involve working at various
unanticipated locations
throughout the US
Please send resumes to 
e-centives, inc., Attn 
HR, 950 Tower Lane, 
Suite # 1750, Foster 
City, CA 94404 


Computers: Programmer Analy- 
sts needed: Seeking candidates 
possessing BS or equiv. and/or 
rel. work experience. Part of the 
req. rel. work exp. must include 
2 years working with Oracle
Designer, Developer, Applica- 
tion Server and PLSQL. JAVA 
and Oracle cluster experience a 
plus. Duties include: Design 
develop and implement Oracle 
database applications; Perform 
data modeling & analyze and 
resolve technical problems. Mail 
res. & ref. to: American 
Arbitration Association, Attention:
Human Resources, 335
Madison Ave Floor 10, NY 
10017 Equal Opportunity 
Employer M/F/H 
S/W Engineers to lead teams to
analyze, design, develop, test
and implement Software Appls
using Oracle RDBMS, Oracle
Financial ERP Appls, PL/SQL,
XML, Perl, Pro*C, C++, Unix 
Shell Scripting and Object 
Oriented Techniques on Sun 
Solaris, Unix and Windows OS: 
perform database admin. and 
tuning; interact with clients for 
req analysis and feasibility 
study; evaluate team members 
& train end users. Require: MS
or foreign equiv in CS/Engg (any 
branch) with 3 yrs exp or BS in 
Finance/Business or foreign 
equiv in any of the above field 
with 5 yrs relevant progressive 
exp. F/T. High Salary. Travel 
involved. Resume to: HR 
Fourth Technologies, Inc., 1108 
N. Bethlehem Pike, Suite 8 
Lower Gwynedd, PA 19002 


IT ARCHITECTURE PRO- 
JECT MANAGER - Direct & 
coord. IT projects w/ fin. ind 
clients mainly German 
banks. Req'd: Fin. MBA & 4 
yrs. exp. in job or Soft 
Development job w/in fin. ind
Fluency in Germany; ext. exp 
w/ IT projs. & BA in CS or rel'd
field Exp. w/ Kondor+, 
Oracle, Sybase, ACBS, & 
SQL. Send resumes to 
Levada Consulting, Inc. 303 
South Brdwy, Ste. 100 
Tarrytown, NY 10591. Attn 
M. Holzmann 


Software Developer 
Full-time position in Wheaton, 
IL. In this position you will deliv- 
er quality code in a collaborative 
environment, as well as docu- 
ment and communicate techni- 
cal and architecture information 
as needed. Required: Master's 
degree in Engineering, Computer 
Science or related field; 1+ year 
of experience in developing N- 
tier DNA application using ASP, 
VB.COM, DCOM, SQL, server 
javascript, remote scripting; 6+ 
months experience in develop- 
ing in Web Farm Environment 
and 6+ months of development 
experience in ASP.net, VB.net 
XML, XSL and Xpath. Contact 
miwinski@warrantycheck.com 


IP Support Engineer wanted 
at our location in Nutley, NJ to 
Support technical issues for
scheduled daily Network 
Migration for Reuters Product 
and instinet. Bachelor's de- 
gree in Telecommunications 
or a related field and at least 2 
years of experience in Tele- 
communications required. Ex- 
perience must include TCP/IP 
and Cisco. Must speak 
Cantonese. Please e-mail 
resumes to Rebecca.gusta 
mente@radianz.com (sub- 
ject: Code 0312) 


Software Engineer 


Design, develop & maintain soft- 
ware for weather analysis system 
Build communication system with 
weather sensors & radar data cen- 
ter. Research & develop visualiza- 
tion rendering system for weather 
data. M.S. in CS or rel. & 6 mos 
exp. in above pos. or rel. w/abil. to 
use C/C++, VC++, Win32, 2D/3D 
computer graphics, Image pro- 
cessing, GIS, Oracle, SQL, HTML 
multiport serial I/O comm
protocols. 40.0 hr/wk. 9-5 3
resume to: Mr. John W. Wessinger. 
Chief Operating Officer, Baron 
Services, Inc., 4930 Research Dr 
Huntsville, AL 35805 


Consulting Svcs. Engr. Atlanta, 
GA. Mult. openings. Consult w/ 
clients & potential clients on 
transportation resources & 
needs. Design & impli. strate- 
gies for more efficient use of 
client resources, using company 
transp. planning technologies. 
Document client's _transp 
reqmts. & propose solutions 
Apply company techs. to enable 
planning sys. integration w/ 
existing client sys., impl. client- 
specific software code & 
processes. Req.: MS in Indus 
Eng. Working knowledge (acad- 
emic coursework or exp.) of 
Visual Basic, Java, C++, SQL & 
NT Server, logistical analysis to 
improve efficiency; & supply 
chain principles. Pass mandatory
proficiency test. Résumé
Velant, Inc., Attn: Recruiting 
900 Circle 75 Pkwy., Ste. 300 
Atlanta, GA 30339. 


Software Engineer II (2 openings):
Develop, integrate and
customize software components
into wireless products. Work w/
GSM/GPRS Protocol stack 
development and prototype 
hardware; source 3rd party soft- 
ware and internally develop soft- 
ware components using C/C++, 
Real-time O.S., Unix. Also 
debug both software and hard- 
ware. Req. Bachelor's in C.S 
E.E. or related field + a min. of 2 
yr exp. in job offered. Resume to 
HR Matsushita Mobile 
Communications Development 
Co, 1225 Northbrook Pkwy 
Suwanee, GA 30024 


Sr. Programming Analyst 
(multiple positions). Design 
customized techn appl pro- 
grams. Install & config pro- 
gram prod. Determine tech 
infrastructure & comm. Req 
Test appl. Analyze, design & 
develop app. Interfaces using 
IBM AS400, RPGLE, C/400 & 
Java/400. Req. BS in Comp. 
Sci., Comp Eng. Or Elect 
Eng. And 5 yrs exp as Pro- 
grammer. 40 hr/wk. Job/inter- 
view site: Irvine, CA. Send 
resume to SVI Solutions, 
5607 Palmer Way, Carlsbad, 
CA 92008 


Database Administrator, 
Electronics Distribution Co. 
Minimum 6 years exp. 
Design, program, and 
implement database appli- 
cations. Provide database 
systems administration, 
including managing users, 
defining user security poli- 
cies, and disaster recovery. 
40 hrs/wk, 9AM-5PM 
Competitive salary. Send 
resume to Whale 
Enterprise, 5730 Oakbrook 
Pkwy., Ste 175, Norcross, 
GA, 30093 


Software Engineer — Min 2 
yrs exp Duties include 
analysis, design & develop- 
ment of commercial applica- 
tions including data model- 
ing & database design using 
COLD FUSION, ASP, COM, 
MFC, VC++, Verity Search 
Engine, NetGenesis, Java, 
EJB and Oracle database. 
Must have Master's degree 
in Comp Sci, Comp Engg or 
Elec Engg. Send resume to: 
Netage Consulting, Inc., 810 
Eisenhower Blvd, Suite 21, 
Middletown, PA 17057 




Business & Information Systems 
Administrator. Administer and 
manage company information
structure. Perform all IS related 
functions. Support, maintain, 
and enhance current 
Edwards ERP system 
achieve business strategies and 
objectives. Create, maintain. 
and distribute business reports 
from ERP system. Design and 
maintain company custom soft- 
ware. Oversee and perform all 
IT related functions. Position is 
located in York, Nebraska. B.S 
degree req'd (or equiv. educa- 
tion or experience) w/ major in 
Comp. Sci. or related field. 2 yrs 
of experience req'd. Must have 
proof of legal authority to work in 
the United States. Send resume 
to Joe Kardos, 15159 Andrew 
Jackson Hwy 76 West, Fair 
Bluff, NC, 28439. This adver- 
tisement is paid for by the 
employer. 


Asst. Data Analyst. Asst 
Data Analyst in analyzing
req., proc. & prob. to 
design, develop & test 
S/W app. to process or 
improve existing comp 
Sys. Req: BS in Comp. 
Sci. or Info. Sys. 40 
hr/wk. Job/Interview Site: 
Lawndale, CA. Send 
resume to Globiwest 
Mgmt. Consultants, Inc., 
14814 Hawthorne Blvd.,
Lawndale, CA 90260. 


Software Engineer, Medical Appli- 
cations. Design, develop and test 
software for radiation treatment 
planning systems including proto- 
type development, Client-Server 
model development, algorithm im- 
plementation, and extensive valida- 
tion testing in conformance with 
FDA requirements utilizing Motif, C 
(including pointer memory manage-
ment), C++ and UNIX shell scripts.
Requires BS in Computer Science. 
Engineering, Physics or related 
field. Must be presently eligible for 
permanent employment in the U.S 
Send resume to Human Resour- 
ces, Attn: JFB, Computerized 
Medical Systems, 1195 Corporate 
Lake Dr., St. Louis, MO 63122 


Engineers needed in Santa 
Clara, CA to develop lab 
automation applications soft- 
ware using graphical pro- 
gramming and object oriented 
programming languages. Use 
ASP, Java Script, JSP for web 
based applications. Must 
have a Bachelor's degree in 
Electrical Eng and 1 1/2 yrs. 
exp. in job offered performing 
duties listed above. E-mail 
resumes to ruth.hale@vi- 
tech.com at VI Technology 
Put code ENG on the resume 


'W Engineers to analyze 
design, develop client server 
appls with OO methodology
using Java, C, C++, VC++ 
J2EE, XML, UML, JavaScript, 
COM, CORBA, etc. on Weblogic 
IS under Windows, UNIX, DOS 
OS; interact with clients & ana- 
lyze user needs; customize soft- 
ware for client use to optimize 
operational efficiency; assist in 
quality assurance. Require MS 
or foreign equiv. in CS/Engg (any 
branch) and 1 yr exp in IT. High 
salary. Travel required. Send 
Resumes to: HR, Opal Soft, Inc 
3150 Almaden Expwy Ste 205. 
San Jose, CA 95118 




NET2S is a leading International 
Consulting and Engineering firm 
specializing in communications 
technologies. We are presently 
seeking to fill the following posi- 
tions. 


Business Analyst (NYC) 


Develop and implement marketing 
strategies. Manage sales life cycle 
including client presentations and 
negotiations. Oversee project 
management including deploy- 
ment and roll out. Co-manage pro- 
ject center. 


Must possess excellent communi-
cation skills as well. All positions
require BS/MS degree with a min- 
imum of 2 to 3 years of experience 
in the field. Must possess excel- 
lent communication skills as well 


NET2S, 82 Wall Street Suite 400,
New York, NY 10005; Fax: (212)
279-1960; Phone (212) 279-6565;
or Email: jobus-ny@net2s.com 


Data base analyst. 


Full time. competitive salary 
offered. Requires bachelor 
degree in computer science 
and 2 yrs experience in job of 
software or programmer ana- 
lyst. Experience to include use 
of visual basic v, c++, Msacess 
and SQL server. Must have 
proof of legal authority to work 
permanently in the U.S. no 
phone calls. Interested appli- 
cants should send resume to 
Nick Shah, Chem - Impex int 
Inc, 935 north dillon wood, 
dale, IL 60191 


Libsys, inc. a fast growing software
Development Company is looking 
for 


Computer Consultants: 

Should have a bachelor's degree in 
computer science/related field with 
2 years experience in 5 of the fol- 
lowing: Oracle Java, J2EE, HTML, 
Java Script, EJB, XDI, Web Server, 
Magic, TCP/IP, Oracle, XML, 
DB2,OS/MF/COBOL, VB, Tera- 
data, Crystal reports. 


We accept foreign education 
equivalent of the degree, or the 
degree equivalent in education 
and experience. 


Send Resume to SIVA@LIBSYS 
INC.COM Attn: 9241 Fairway 211, 
Des Plaines, IL 60016 


Senior Project Leaders 


Abbott Laboratories in Bed- 
ford, MA seeks qualified 
Senior Project Leaders 
Bachelors degree in Comput- 
er Science, Computer Tech- 
nology or related required 
with experience in architec- 
ture, design and development 
of Component Based Tech- 
nologies. Respond by mail to 
Abbott Laboratories, Dept 
323, Bldg. AP6D2, 100 Abbott 
Park Road, Abbott Park IL 
60064-32537. An EOE. Refer 
to ad code: KE-MED-121 


Software Enng - Develop 
and maintain comp. sys- 
tems for trading, comm., 
inter/intranet businesses, 
etc. utilize SAS platforms, 
Oracle, SQL Server, etc 
Provide tech. supp. in OS 
internals, etc.; Min. 3/yrs 
exp. in job offd or related 
and B.S. in Enng, Bus. or; 
related Exp. ref. req'd. 
Send res: Anid Infosoft 
2204 Haley St. Oxford, MS 
38655 


Programmer 
Developing software applica- 
tions for the company; updating 
existing applications; solving 
database & networking prob- 
lems. B.S. in C.S. or rel.w/abil 
to use C, Java, VB, ASP, SQL 
Perl, JavaScript, Visual C++ 
HTML. Must be Sun Certified 
Programmer for Java, & 
Microsoft Certified Database 
Administrator. 40 hr/wk. 9-5 
Resume to: Ms. Saphura S 
Long, President, The Prize 
Corporation, 5959 Shallowford 
Road, Suite 309, Chattanooga. 
TN 37415. 




IT careers.com reach 
more than 2/3 of all US 
IT workers every week. 
If you need to hire top 
talent, start by hiring us. 


Call your IT careers 
Sales Representative or 
Nancy Percival at 

1-800-762-2977.
I.T. Systems Analyst. Analyze busi.
req'ts / processes; Map / configure
process in SAP R/3 Busi.
Warehouse (BW) and Strategic 
Enterprise Mgmt (SEM) modules; 
Develop / implement BW and SEM 
modules in SAP R/3; Develop 
Datamarts / Bex Queries; Design 
Infocubes; Create custom infosys- 
tem; Create reports in BW / SEM 
modules; Develop / publish SEM
planning functions. 


B.S. in Comp. Sc, EE, Electronics, 
or similar + 18 mo. exp. in SAP 
3. In-depth know. of BW, SEM 
Quality Mgmt, SAP Portals. 
$100,000.00/yr. Travel req'd 
Work site locations vary. Must 
have perm. work auth. to be 
in the U.S Send 
McKeesport 

CareerLink, ES Supervisor, 345 
Fifth Ave., McKeesport, PA 15132- 
2600. Refer to job order # 301989. 


SAS Programmer Analyst 
Utilize statistical tools and meth- 
ods to develop/write computer 
programs for clinical studies 
using Statistical Analysis 
System (SAS), MVS, JCL, TSO, 
ISPF, DB2, Win 2000. Bachelor 
degree in MIS, Stat, or sim field,
or equiv, req'd, as is 2 yrs exp as 
a SAS P/A or in a stat prog posi- 
tion. In lieu of a bach degree and 
2 yrs exp, employer will accept 
masters degree, or equiv in edu 
or exp. Prior exp or edu must 
include exp with SAS and clini- 
cal studies. Competitive salary. 
May be assigned to various 
locations in US. Resumes: W 
Tankersley, Resource Mgr, 
Computer Task Group, Inc, Job 
No 1886.31, 5875 Castile Creek 
Pkwy, Ste 208, Indianapolis, IN 
46250. 


Several computer related 
positions available for 
large software develop- 
ment, support and sales 
company. Degree, techni- 
cal skills & experience 
vary per position. Send 
resume to Susan Stubbs 
MAPICS, Inc., 1000
Windward Concourse 
Suite 100, 

Georgia 


Sunrise Systems Inc., has 
multiple openings in PA, NY 
& NJ areas for experienced 
pros. System/ Prog Analysts 
Database Admin/ Analysts. 
Database Dev/ Designers, 
Software/ Computer Engr 
Unix/ Network/ NT Admin in 
the areas of Oracle, Unix, C/ 
C++, Windows NT, Java, Web 
Development, SAP, etc. We 
offer competitive salary based
on experience. Send resume
to: Sunrise Systems Inc. PO
Box 4647 Metuchen, NJ 
08840 


Stellar Services seeks an 
experienced systems engi- 
neer. Must have a Master's 
degree in Computer Science/ 
Engineering, and 2 years of 
experience in Web access 
security, and Windows NT 
environment analysis, and 
design. Knowledge in security 
protocols & architecture, Virus 
protection and strong techni- 
cal writing skill are required. 
Please send resume and 
cover letter to HR Dept., 156 
5th Avenue, Suite 1134, New 
York, NY 10010. 




Manager, Lead and Senior 
Consultant positions in 
Washington, DC, Philadelphia, 
McLean, Va. Positions require
bachelor's (some positions
require master's) degree in
Computer Science, Engineering 
(any field), Business, Information 
Systems or related field and 2 to 5 
yrs of experience in systems 
analysis, development or manage- 
ment, database or systems 
requirements or consulting, project 
or engagement management, or 
related exp 


Competitive salary and benefit 
offered. Please fax resume to 
1-888-APPLYDT and identify 
job code: ERNOIVRCPWM. 


Deloitte & Touche LLP is an equal 
opportunity firm. We recruit,
employ, train, compensate and 
promote without regard to race 
religion, creed, color, national ori- 
gin, age, gender, sexual orienta- 
tion, marital status, disability or 
veteran status. 


Database Administrator (Tera- 
data & SQL Server) Business 
Objects Administrator. install 
upgrade, configure & consoli- 
date database servers; monitor 
resource, database usage & 
security; assist w/logical dsgns, 
physical implmtn of data &
Capacity planning; dvlp custom
ETL tools & disaster recovery 
plans; perform Business Objects 
s/ware installation, upgrade & 
admin. BS in Comp Sci, MIS. 
Engg or related field +1 yr exp in 
job offd or as Database Admin 
or similar duties under different 
job title. Exp to incl Teradata 
DBA, SQL Server DBA, & 
Microstrategy & Business 
Objects Admin 40hrs/wk 
$55,216/yr. Must have proof of 
legal auth to work in US. Send 
your resume to IA Workforce 
Center, 215 Keo Way, Suite 100. 
Des Moines, IA 50309-1727 
Please refer to Job Order 
141101660. Employer paid ad. 


SOFTWARE ENGINEERS (8 posi- 
tions): require Bachelor's in Engin- 
eering/Computer Science/Mathe- 
matics/Science or closely related 
field with experience providing 
skills in described duties, at 
$65,000 per year; Senior Software 
Engineers (8 positions) with Mas- 
ter's and two years experience, at 
$70,000 per year. Provide on-site 
consulting in design, analysis and 
development of software applica- 
tions for legacy systems in IBM 
mainframe environment; develop- 
ment and administration in Oracle. 
DB2, SQL Server and Sybase; e- 
commerce and web applications 
development in Microsoft, Java 
and related technologies; network 
management systems develop- 
ment with Netscape Server and 
related tools; SAP R/3 applications. 
on Windows with DOS and 
ABAP/4 and related modules. 40% 
travel to client sites in the United 
States. Mail resumes to: YASH 
Technologies, Inc., Human Re- 
sources, 605 17th Avenue, Suite 1
East Moline, IL 61244 


Director of S/ware Applics & 
Prgmg-LA. Manage & coord 
comp. prgmg & s/ware applic 
activities. Bach in comp. sci 
CIS or reltd comp. fld +4 yr
exp in job offd or as s/ware
dvlpmt mgr. Must be proficient
in Code Warrior on MacOS, 
MS Visual C++, x86 Ass- 
embly, Power PC Assembly, 
Nintendo GameCube OS & 
Python, & familiar w/3-D 
graphics & human interface 
dsgn. Send resume & ltr to 
Wendy McAfee, Vivendi 
Universal Games, 6080 
Center Dr., Los Angeles, CA 
90045. 


DATABASE ADMINISTRA- 
TORS: Following design specifi- 
cations and instructions from 
senior database managers and 
database architects, DBAs will 
apply knowledge of data base 
management systems to: design 
logical and physical data bases;
coordinate physical changes to 
data bases and codes; and 
tests, maintain and implement 
physical data base. Duties 
include: assist in the day-to-day 
operation of Oracle data base. 
systems in UNIX mainframe 
environment including ETL, 
table creation, table analysis, 
table indexing, query creation 
and implement query and ETL 
requests from internal staff ana- 
lysts and scientists using 
ACCESS or another database. 
system. Min. Reqts.: BS/BA (for- 
eign equivalent accepted) in CS. 
IT, EE or related AND 2 yrs exp 
in job offered OR 2 yrs exp. in 
related occup. as Oracle Data 
Base Administrator. PLUS, must 
have demonstrated knowledge 
of: (1) Oracle data base archi- 
tecture in UNIX mainframe envi- 
ronment; (2) SQL, PL/SQL and 
SQL Loader; and (3) data base 
maintenance. Basic pay is 
$63,200 per year for full-time 
employment (Mon-Fri., 9-5) and 
standard company benefits 
EEO. Submit 2 resumes and 
respond to Case No. 200115268 
and or Case No. 20015267 
Labor Exchange Office, 19 
Staniford Street, 1st Floor 
Boston, MA 02114 


IT Specialist (Denver) - Order. 
install, maintain, configure & 
implement MVS & OS/390 soft-
ware prod., relating to DB2 &
CICS on an IBM mainframe. 
Track changes using Vantive's 
PCRM prod. for release imple- 
mentation. Perform Systems 
Admin. functions for DB2, CICS 
& assoc. products using SMP/E 
JCL, VSAM, JES3, TSO/SPF, 
BMC tools, CAFC, Oracle 
Gateway, SEQUELLINK, Main- 
view for DB2, & Network Data 
Mover (NDM); Troubleshoot & 
maintain software prod. & 
OS/390 to ensure problems are 
rapidly diagnosed & fixed; par- 
ticipating in Hotsite planning & 
regularly scheduled disaster 
recovery tests; Perform capacity 
mgmt & tuning activities incl 
definition & modification of data- 
bases & assist w/implementa- 
tion of an optimal relational data- 
base design. Req: 2 yr exp SW 
Eng/DB Admin, + Wkg knowl- 
edge of: DB2 & CICS Sys 
Programming on IBM Mainframe 
w/OS/390; DB2 DBA,SMP/E 
JCL, VSAM, JES3, TSO/ISPF. 
BMC Tools, CAFC, Oracle 
Gateway, SEQUELLINK, Main- 
view for DB2, Network Data 
Mover; Hot site planning, capac- 
ity planning, physical database 
design; Send resumes 
Colorado Dept of Labor. 

Park Central, Suite 400. 
Arapahoe Street, Denver. 
80202. Ref job #CO5036000. 


NET2S is a leading International 
Consulting and Engineering firm 
specializing in communications 
technologies. We are presently 
seeking to fill the following posi- 
tions: 


* Sr. Tibco (RV, Integration Mgr) 
Developer 

+ TIBCO/TRIARCH Systems 
Engineer 

* Sr. Security Systems Engineer 


All positions require BS/MS de- 
gree with a minimum of 2 to 3 
years of experience in the field 
Must possess excellent communi-
cation skills as well.


NET2S, 82 Wall Street Suite 400 
New York, NY 10005; Fax: (212) 
279-1960; Phone (212) 279-6565;
or Email: jobus-ny@net2s.com 


Boehringer Ingelheim Pharma- 
ceuticals, Inc. has an immediate 
opening in its Ridgefield 
Connecticut facility for the posi- 
tion of Lead Business Analyst 


Provide business knowledge and 
technical leadership in identifying 
Projects, conducting feasibility 
Studies, evaluating system de- 
sign and determining cost/benefit 
and economic justification on all 
IT projects to address the sys- 
tems and technology needs of the 
assigned business area 


Must possess a Bachelor's 
degree or its equivalent in 
Business Administration, Compu- 
ter Science, Information Systems 
or a related field and relevant 
experience with SAP-Business 
Analysis skills in SD and HR 
modules, the development of 
custom database programs using 
Oracle, Visual Basic and SQL- 
based RDBMS, automated tools 
to automate SAP test script spec- 
ifications and Software Project 
Implementation and Analysis. 


Resume and/or cover letter must 
reflect each requirement above 
and specify reference code AD- 
GCD/GC0103 or it will be reject- 
ed 


Forward resume to: Bi Staffing 
Center, PO Box 534, Waltham 
MA 02454. Fax number: (781) 
663-2431 

Email: BIPI@BI-careers.com 


Unix Systems Administrator 
(Info Tech Specialist 4). Support 
client/server applics on ITD & 
agency servers on an enterprise 
LAN/WAN & Internet envrmt. 
incl all phases of AIX admin in 
complex internet envrmts; web 
admin, incl setup & maintenance
of WebSphere, SSL, MQ Series. 
& DB2; shell scripting in CSH & 
KSH; provide dsgn services for 
high availability, high capacity 
secure hardware platforms; & 
service related to entire matrix of 
ITD provided, cooperative, or 
agency consulting. BS in Comp 
Sci, MIS or Engg or equiv edu- 
cation & exp +2 yrs exp in job 
offd or as Comp Consultant or 
similar duties under different job 
title. 2 yrs exp or equiv educa-
tion & exp w/AIX; WebSphere
MQ Series; install/operate multi- 
job & personal comp, networks. 
database mgmt systms, servers: 
dvlp business appl processes
operating systm prgms, info 
mgmt training; IT customer ser- 
vice; dsgn & admin internet 
sites. Need 12 sem hrs or 6 mos 
exp or comb in: Linux, prgmg 
lang, SAS, Unix, other main- 
frame/midrange/mini operating 
systms, personal comp, systms 
prgmg/mgmt 40 hrs/wk 
$40K/yr. Must have proof of 
legal auth to work in US. Send 
your resume to IA Workforce 
Center, 215 Keo Way, Ste 100. 
Des Moines, IA 50309-1727
Please refer to JO 1A1101661 
Employer paid ad 


EXPERIENCED IT 
PROS NEEDED 


DBAs, P/A, & Proj. Managers to 
design, develop, admin, and 
support DBs: Sybase, SQL 
Server, Informix, Oracle& Rdb 
Disaster recovery plan/imple- 
ment, per. tuning, back up 
restore. and troubleshoot 
Expert in WinNT, VAX/VMS 
SCOUnix, TCP/IP, PowerBuild- 
er, Access, and C++. MS 
Proxy/SMS Server & IIS to 
develop web DB applications. 
Expert RDB theories, CASE & 
RDBMS physical implementa- 
tions required. Job Location: 
San Francisco Area and 
Phoenix. Please submit resume 
to: Apex Software, Inc., 4718 E 
Cactus Road, #206, Phoenix. 
AZ. 85032 


Computerworld + InfoWorld + Network World * February 3, 2003 


Business Process Analyst. 
Work Sched 8:00AM-5:00PM 40 
hrs/wk. $64,377.70 P/A. Design, 
evaluate, analyze, develop & 
support corporation's central 
vehicle invoicing & cost of sales 
systems. Evaluate, define soft- 
ware testing methods, redesign 
infrastructure & process, & ana- 
lyze systems using COBAL 
CICS, DB2, JCL, VSAM, IMS- 
DB & C/C++. Analyze, design. 
implement, & support of data- 
base for the vehicle invoicing, 
dealer billing, tracking systems. 
Electronic Data (EDI) & SAP 
interface for several countries & 
Account Receivables at corpo-
rate & plant levels. Use multiple
application development tools 
including Visual Basic and 
C/C++, management system 
interface with end-users to
develop system requirements & 
provide in-depth applications 
support. Work in technical envi-
ronment including Microsoft
Windows 95/98 & IBM RS6000
Unix. Improve all aspects of
vehicle invoicing & dealer billing 
tracking & cost of sales systems 
& improve software quality & 
integrate with existing systems 
on client. Bachelor, Any 
Engineering Degree. 2 Yrs. exp. 
in Job or Related Occupation(s) 
of Engineer, Computer Progr- 
ammer, Programmer Analyst or 
Systems Analyst. 2 Yrs. of 
Related Occupation exp. must 
include evaluation, defining of 
software testing methods. 
redesign of infrastructure & 
process, & analysis of systems 
using COBAL, CICS, DB2, JCL 
VSAM, IMS-DB & C/C++, which 
may be concurrent with Related 
Occupation exp. Employer Paid 
Ad. Send resume to MDCD 
P.O. Box 11170, Detroit, MI
48202, Ref. No. 202587 


Network Engineer: The network 

provide technical 
consulting, network implementa- 
tion, device configuration. router 
and switch installation, & 


Manage implementation 
work projects & develop & main- 
tain program specs & documenta 
tion. Experience with Microsoft 
BackOffice family of products 
Iti-vendor UNIX, network design 
and implementation, firewalls and 
other aspects of network security 
required. Must have experience in 
Frame Relay, packet switching. 
management, ISDN 
DSU, SNA/SDLC/SNMP, and 
protocol analysis. Employment
requires B.S. in computer science 
or electronics engineer & 2 yrs 
Exp. in job offered. Must possess 
current certifications as follows 
Microsoft Certified Systems 
Engineer ertified certifi 
cates for Design Engineer & 
Network Professional & Design 
Asso.; and Checkpoint certificates 
for security Engineer and Security 
Administrator. Will work 40 hr. wk 
8:00 am to 5:00 pm: no O/T. sai. 
$70,000 per yr. Send resume to 
Illinois Department of Employment
Security, 401 S. State St 7 
North, Chi . y 5; Atten 
Leonard Boksa; Ref # V-iL 33787 
B. An Employer Paid Ad. No Calls 
Send 2 copies of both resume 
and cover letter. Only fully qualified 
should apply 


Computers - Sr. Technical 
Consultants needed. Seek- 
ing qual. cand. possessing 
MS/BS or equiv. and/or rel 
work exp. Part of the exp 
must include 2 yrs. working 
with BaanERP. Work with 3 
of the following: Java, XML, 
BaanERP, Baan Open- 
World, VB. Must be willing 
to travel as req'd. Fwd 
resume & ref to 
e-Emphasys Tech., Attn: 
HR, 219 E. Chatham St., 
#102, Cary, NC 27511 
Continued from page 1


NT Server 4.0 


which is due out in April, and 
to consider the possibility of 
skipping the Windows 2000 
Server release entirely. 

Jon Dell’Antonia, vice presi-
dent of IT at OshKosh B’Gosh
Inc. in Oshkosh, Wis., said the 
support extension may allow 
him to push into 2005 the mi- 
gration of roughly 150 Win- 
dows NT servers that sit in the 
back rooms of stores. 

So far, support hasn’t been a 
worry for Dell’Antonia be- 
cause the vendor for his com- 
pany’s point-of-sale systems, 
Datavantage Corp. in Cleve- 
land, pledged to support Win- 
dows NT if Microsoft didn’t. 

For many companies in the 
midst of migrations, the exten- 
sion isn’t expected to have a 
significant impact on plans. 

Financial services firm Key- 
Corp in Cleveland has migrat- 
ed roughly 450 Windows NT 
servers to Windows 2000 
Server and already has a strat- 
egy to move its remaining 
1,350 NT boxes to Windows 
2000. Ann Louis, vice presi- 
dent of enterprise technology 
operations, said KeyCorp will 
continue on its planned con- 
version path. 


‘A Little Leeway’ 


A technical architect at a large 
insurance company said the 
IT department had set a “hard 
date” to be off Windows NT 
Server by year’s end, and the 
support extension merely pro- 
vides “a little leeway.” 

“I doubt we’ll change the
date, but it’s nice to have the 
margin,” he said. 

Although Microsoft’s deci- 
sion to tack on an additional 
year of support for Windows 
NT Server was generally laud- 
ed by users and analysts, the 
extension doesn’t cover all of 
the company’s support op- 
tions. Pay-per-incident and se- 
curity “hot fixes” will be avail- 
able through Dec. 31, 2004, but 
the company will no longer
provide nonsecurity hot fixes
to premier support holders af-
ter Dec. 31, 2003.

A hot fix is a modification 
to commercially available Mi- 
crosoft product code to ad- 
dress a specific problem. As of 
Jan. 1, 2004, any customer 
wanting a nonsecurity hot fix 
will have to obtain a custom 
contract, according to a Mi- 
crosoft spokesperson. 

Bob O’Brien, a group prod- 
uct manager in the Windows 
server division, said the year- 
end elimination of nonsecuri- 
ty hot fixes was “a customer 
satisfaction and business deci- 
sion, given we are continuing 
to see an increase in Windows 
2000 deployments coupled 
with a decrease in NT 4 re-
quests for fixes.” He added,
“The trend toward migration
and consolidation is a better
area to focus resources.”

[Sidebar: Support Phaseout (hot fixes; pay-per-incident and premier support; online support)]

How much of an impact the
elimination of nonsecurity hot
fixes will have remains to be
seen. Microsoft acknowledged


Niche Vendors Catch 
Users’ Eyes at Lotusphere 


They fill gaps in 
Notes, Domino 
functionality 


BY TODD R. WEISS 
ORLANDO 

Among the 5,000 attendees 
from around the world at last 
week’s IBM Lotusphere 2003 
conference were IT leaders 
from companies on separate 
but similar missions: to find 
out how to make their Lotus 
Notes and Domino systems 
meet their specific needs. 

And often, the answers came 
not from IBM, but from niche 
companies that build add-ons 
for Notes and Domino. 

James Greene, senior Lotus 
Notes infrastructure analyst at 
Duke Energy Corp. in Char- 
lotte, N.C., was looking to 
solve the problem of e-mail 
eating up storage space. One 
possible solution was PKZip 
Professional Edition 6.0, fea- 
turing integration with Notes. 

The product, from PK Ware 
Inc., compresses and encrypts 
attachments [QuickLink 
35865]. It would reduce Duke
Energy’s e-mail storage needs
and add security for the 25,000
Notes users and 5,000 Micro-
soft Exchange users Greene
supports. “It seems that may-
be using the attachment fea-
ture [to compress the file
size], encrypting it and then
sending it out may be the solu-
tion,” Greene said.

Michael Bulis, program 
manager for industrial manu- 
facturer Ingersoll-Rand Co. in 
Woodcliffe, N.J., wanted 
knowledge management im- 
provements for Notes and 
Domino and was looking at 
List Server for Domino 3.x 
products from Bright Ideas 
Software Inc. in Edison, NJ. 
The software would let him 
streamline how users send 
e-mail to multiple recipients. 

Currently, some users send 
broadcast e-mails that devour 
costly bandwidth. Bulis would 
like to set up listservs, which 
would reduce storage and 
message distribution needs. 
The changes, which Bulis
wants to implement during
the next five years, will affect
about 25,000 users worldwide.










that corporate users typically 
request them. 

Louis said KeyCorp has re- 
quested hot fixes related to 
Dynamic Host Configuration 
Protocol and Domain Name 
System over the past 36 
months, and the company will 
weigh the potential risks that 
would be corrected with non- 
security hot fixes and decide 
what support it will need go- 
ing forward. 

DYS ANALYTICS: improved


“Some of this is vaporware,”
he said. “But generally, half of
vaporware makes it to reality.”

Nicholas Behrmann, global
messaging manager at General
Motors Corp., was investigat-
ing administration and man-
agement tools for Notes and
Domino to help reduce costs
and improve service.

Part of his mission was to
look over tools that could be
used by GM’s IT outsourcer,
Electronic Data Systems Corp.
“I’d rather have them purchase
a tool set, rather than reinvent
the wheel,” Behrmann said.

Among the products he
checked out was Netherlands-
based AedifiComm BV’s
WorkplaceControl for Notes.


Dwight Davis, an analyst at
Boston-based Summit Strate-
gies Inc., criticized Microsoft's
decision to fragment the NT
Server support extension. He
said it could confuse custom-
ers and “diminish the glowing
aftereffect” that Microsoft
hoped to gain from the other-
wise positive changes.

The changes will affect 
many companies. Tom Bitt- 
man, an analyst at Gartner Inc. 
in Stamford, Conn., estimated 
that 50% to 70% of the Win- 
dows server operating system 
installed base is still NT 4.0. 

O’Brien claimed that only 
35% to 40% of the Windows 
server installed base is NT 4.0. 
He said extending key support 
provisions was common sense 
“if you want to have a relation- 
ship with these customers for 
the next seven to 10 years.” 

Rob Enderle, an analyst at 
Giga Information Group Inc., 
said he thinks Microsoft also 
has seen customers turn to 
Linux, based on feedback his 
firm is getting from clients.


Perry Hiltz, Lotus adminis- 
trator at chemical company 
Henkel Corp. in Gulph Mills, 
Pa., wants to consolidate do- 
mains for Notes to reduce the 
complexity of his systems. 
One possible solution: the 
Common Migration Tool for 
Notes Domains package from 
BinaryTree Inc. in New York. 

“This basically does every- 
thing we’ve been doing in a 
manual way,” Hiltz said. He 
said it would let him conduct 
migration processes from his 
desk, without having to travel. 
It would cost $50,000 to de- 
ploy, but its long-term savings 
would result in a payback. 

Joe Sise, Notes administra- 
tor for the Brunswick Boat 
Group in Knoxville, Tenn., was 
looking at Notes management 
tools from DYS Analytics Inc. 
in Wellesley, Mass., and re- 
searching spam fixes for his 
3,500 users. Spam is “an in- 
creasing problem,” he said. 
“We've tried to filter it. ... But 
it’s like sand in your hand. You 
get some of it, but most of it 
falls through.”


NO-FRILLS E-MAIL


IBM will offer a cheaper-than-Notes prod- 
uct to extend e-mail access to all workers: 


QuickLink a2870 
www.computerworld.com 
Bug Chase Bungle


MAYBE YOU MISSED THIS NEWS last week amid all
the hubbub about the Slammer worm: Security re-
searcher Next Generation Security Software Ltd.
(NGS) said it will stop sharing information with the
CERT Coordination Center, the government-funded
clearinghouse that tracks viruses, worms and other security prob-
lems [QuickLink a2860]. So what? Well, when NGS finds a security
hole, it will notify its clients and the software vendor, but not CERT.
Which sounds pretty selfish of NGS — until you consider whom
CERT was passing the information along to.


That would be some of NGS’s competitors 
and potential clients. And they’ve typically 
been getting the information before CERT noti- 
fies the public about a security problem. 

Here’s how it works: When a bug chaser like 
NGS finds a security problem, the company 
warns its clients (who pay for the service) and 
the vendor involved (who has to fix it). Then 
the bug chaser tells CERT, so CERT can con- 
firm the problem and prepare its own alert. 
The public isn’t usually told for 45 days, so the 
vendor has time to develop a patch. 

At least that’s how it’s supposed to work. But 
since April 2001, CERT has also made vulnera- 
bility reports immediately available to the In- 
ternet Security Alliance, a CERT-sponsored 
group whose member companies pay dues 
ranging from $3,000 to $70,000 per year. None 
of that money goes to the bug chasers; it all 
goes to CERT. 

While that fact isn’t a secret, it wasn’t widely 
known. At least the people at NGS didn’t know 
that when they gave away their best stuff to 
CERT, CERT was selling it on the side. No 
wonder NGS wasn’t happy when it finally real- 
ized what was going on. 

The upshot? CERT loses early ac- 
cess to a major bug chaser’s work. 

Now CERT will find out about 
NGS's research when NGS issues 
an advisory, like the rest of us. 

And IT people lose confidence in 
CERT as the clearinghouse for the 
most up-to-date, comprehensive IT 
security information. 

But it gets worse. It turns out oth- 
er bug chasers already knew what 
NGS just found out. They’ve been 
withholding their security research 
from CERT, too. They just haven’t 
made a big deal about it. 





So, at a time when worms, viruses and other 
threats are rising, CERT’s usefulness as a 
source for security information is collapsing. 

And in exchange for this loss in credibility, 
what does CERT get? A few million dollars. 

I prefer full disclosure of security holes, so 
IT shops can make their own best security de- 
cisions. But I also understand that security re- 
searchers have to make a living by selling what 
they’ve worked hard to discover. They can’t af- 
ford to give it away to their competition. 

Which means IT shops now face a choice. 
We can become clients of one or more security 
research outfits, if we really need that level of 
security information. Or we can make do with 
the bulletins coming from individual security 
companies and patches issued by vendors. But 
we can no longer assume CERT is the place to 
go for the best information. 

CERT has a choice, too. CERT can keep passing along vulnerability reports to the Internet Security Alliance — guaranteeing that CERT won't get most information from bug chasers.

Or CERT can restore its credibility by killing 
that program and finding another way to get 
the few million dollars it currently generates. 

Maybe the money could come from the government’s new homeland security budget. That would be a cheap way of making America’s IT infrastructure safer.

Or maybe it could be donated, no strings attached, by some high-tech billionaire — say, a chief software architect who feels directly responsible for the kinds of security messes that CERT should be helping to clean up. It would be good PR, and at a few million a year, dirt cheap.

Bill wouldn’t even miss it.